uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it
--- old/usr/src/uts/common/os/priv_defs
+++ new/usr/src/uts/common/os/priv_defs
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 * Copyright 2013, Joyent, Inc. All rights reserved.
24 24 *
25 25 INSERT COMMENT
26 26 */
27 27
28 28 #
29 29 # Privileges can be added to this file at any location, not
30 30 # necessarily at the end. For patches, it is probably best to
31 31 # add the new privilege at the end; for ordinary releases privileges
32 32 # should be ordered alphabetically.
33 33 #
34 34
35 35 privilege PRIV_CONTRACT_EVENT
36 36
37 37 Allows a process to request critical events without limitation.
38 38 Allows a process to request reliable delivery of all events on
39 39 any event queue.
40 40
41 41 privilege PRIV_CONTRACT_IDENTITY
42 42
43 43 Allows a process to set the service FMRI value of a process
44 44 contract template.
45 45
46 46 privilege PRIV_CONTRACT_OBSERVER
47 47
48 48 Allows a process to observe contract events generated by
49 49 contracts created and owned by users other than the process's
50 50 effective user ID.
51 51 Allows a process to open contract event endpoints belonging to
52 52 contracts created and owned by users other than the process's
53 53 effective user ID.
54 54
55 55 privilege PRIV_CPC_CPU
56 56
57 57 Allow a process to access per-CPU hardware performance counters.
58 58
59 59 privilege PRIV_DTRACE_KERNEL
60 60
61 61 Allows DTrace kernel-level tracing.
62 62
63 63 privilege PRIV_DTRACE_PROC
64 64
65 65 Allows DTrace process-level tracing.
66 66 Allows process-level tracing probes to be placed and enabled in
67 67 processes to which the user has permissions.
68 68
69 69 privilege PRIV_DTRACE_USER
70 70
71 71 Allows DTrace user-level tracing.
72 72 Allows use of the syscall and profile DTrace providers to
73 73 examine processes to which the user has permissions.
74 74
75 75 privilege PRIV_FILE_CHOWN
76 76
77 77 Allows a process to change a file's owner user ID.
78 78 Allows a process to change a file's group ID to one other than
79 79 the process' effective group ID or one of the process'
80 80 supplemental group IDs.
81 81
82 82 privilege PRIV_FILE_CHOWN_SELF
83 83
84 84 Allows a process to give away its files; a process with this
85 85 privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not
86 86 in effect.
87 87
88 88 privilege PRIV_FILE_DAC_EXECUTE
89 89
90 90 Allows a process to execute an executable file whose permission
91 91 bits or ACL do not allow the process execute permission.
92 92
93 93 privilege PRIV_FILE_DAC_READ
94 94
95 95 Allows a process to read a file or directory whose permission
96 96 bits or ACL do not allow the process read permission.
97 97
98 98 privilege PRIV_FILE_DAC_SEARCH
99 99
100 100 Allows a process to search a directory whose permission bits or
101 101 ACL do not allow the process search permission.
102 102
103 103 privilege PRIV_FILE_DAC_WRITE
104 104
105 105 Allows a process to write a file or directory whose permission
106 106 bits or ACL do not allow the process write permission.
107 107 In order to write files owned by uid 0 in the absence of an
108 108 effective uid of 0 ALL privileges are required.
109 109
110 110 privilege PRIV_FILE_DOWNGRADE_SL
111 111
112 112 Allows a process to set the sensitivity label of a file or
113 113 directory to a sensitivity label that does not dominate the
114 114 existing sensitivity label.
115 115 This privilege is interpreted only if the system is configured
116 116 with Trusted Extensions.
117 117
118 118 privilege PRIV_FILE_FLAG_SET
119 119
120 120 Allows a process to set immutable, nounlink or appendonly
121 121 file attributes.
122 122
123 123 basic privilege PRIV_FILE_LINK_ANY
124 124
125 125 Allows a process to create hardlinks to files owned by a uid
126 126 different from the process' effective uid.
127 127
128 128 privilege PRIV_FILE_OWNER
129 129
130 130 Allows a process which is not the owner of a file or directory
131 131 to perform the following operations that are normally permitted
132 132 only for the file owner: modify that file's access and
133 133 modification times; remove or rename a file or directory whose
134 134 parent directory has the ``save text image after execution''
135 135 (sticky) bit set; mount a ``namefs'' upon a file; modify
136 136 permission bits or ACL except for the set-uid and set-gid
137 137 bits.
138 138
139 139 basic privilege PRIV_FILE_READ
140 140
141 141 Allows a process to read objects in the filesystem.
142 142
143 143 privilege PRIV_FILE_SETID
144 144
145 145 Allows a process to change the ownership of a file or write to
146 146 a file without the set-user-ID and set-group-ID bits being
147 147 cleared.
148 148 Allows a process to set the set-group-ID bit on a file or
149 149 directory whose group is not the process' effective group or
150 150 one of the process' supplemental groups.
151 151 Allows a process to set the set-user-ID bit on a file with
152 152 different ownership in the presence of PRIV_FILE_OWNER.
153 153 Additional restrictions apply when creating or modifying a
154 154 set-uid 0 file.
155 155
156 156 privilege PRIV_FILE_UPGRADE_SL
157 157
158 158 Allows a process to set the sensitivity label of a file or
159 159 directory to a sensitivity label that dominates the existing
160 160 sensitivity label.
161 161 This privilege is interpreted only if the system is configured
162 162 with Trusted Extensions.
163 163
164 164 basic privilege PRIV_FILE_WRITE
165 165
166 166 Allows a process to modify objects in the filesystem.
167 167
168 168 privilege PRIV_GRAPHICS_ACCESS
169 169
170 170 Allows a process to make privileged ioctls to graphics devices.
171 171 Typically only xserver process needs to have this privilege.
172 172 A process with this privilege is also allowed to perform
173 173 privileged graphics device mappings.
174 174
175 175 privilege PRIV_GRAPHICS_MAP
176 176
177 177 Allows a process to perform privileged mappings through a
178 178 graphics device.
179 179
180 180 privilege PRIV_IPC_DAC_READ
181 181
182 182 Allows a process to read a System V IPC
183 183 Message Queue, Semaphore Set, or Shared Memory Segment whose
184 184 permission bits do not allow the process read permission.
185 185 Allows a process to read remote shared memory whose
186 186 permission bits do not allow the process read permission.
187 187
188 188 privilege PRIV_IPC_DAC_WRITE
189 189
190 190 Allows a process to write a System V IPC
191 191 Message Queue, Semaphore Set, or Shared Memory Segment whose
192 192 permission bits do not allow the process write permission.
193 193 Allows a process to read remote shared memory whose
194 194 permission bits do not allow the process write permission.
195 195 Additional restrictions apply if the owner of the object has uid 0
196 196 and the effective uid of the current process is not 0.
197 197
198 198 privilege PRIV_IPC_OWNER
199 199
200 200 Allows a process which is not the owner of a System
201 201 V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
202 202 remove, change ownership of, or change permission bits of the
203 203 Message Queue, Semaphore Set, or Shared Memory Segment.
204 204 Additional restrictions apply if the owner of the object has uid 0
205 205 and the effective uid of the current process is not 0.
206 206
207 207 basic privilege PRIV_NET_ACCESS
208 208
209 209 Allows a process to open a TCP, UDP, SDP or SCTP network endpoint.
210 210
211 211 privilege PRIV_NET_BINDMLP
212 212
213 213 Allow a process to bind to a port that is configured as a
214 214 multi-level port(MLP) for the process's zone. This privilege
215 215 applies to both shared address and zone-specific address MLPs.
216 216 See tnzonecfg(4) from the Trusted Extensions manual pages for
217 217 information on configuring MLP ports.
218 218 This privilege is interpreted only if the system is configured
219 219 with Trusted Extensions.
220 220
221 221 privilege PRIV_NET_ICMPACCESS
222 222
223 223 Allows a process to send and receive ICMP packets.
224 224
225 225 privilege PRIV_NET_MAC_AWARE
226 226
227 227 Allows a process to set NET_MAC_AWARE process flag by using
228 228 setpflags(2). This privilege also allows a process to set
229 229 SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
230 230 The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
231 231 option both allow a local process to communicate with an
232 232 unlabeled peer if the local process' label dominates the
233 233 peer's default label, or if the local process runs in the
234 234 global zone.
235 235 This privilege is interpreted only if the system is configured
236 236 with Trusted Extensions.
237 237
238 238 privilege PRIV_NET_MAC_IMPLICIT
239 239
240 240 Allows a process to set SO_MAC_IMPLICIT option by using
241 241 setsockopt(3SOCKET). This allows a privileged process to
242 242 transmit implicitly-labeled packets to a peer.
243 243 This privilege is interpreted only if the system is configured
244 244 with Trusted Extensions.
245 245
246 246 privilege PRIV_NET_OBSERVABILITY
247 247
248 248 Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
249 249 while not requiring them to need PRIV_NET_RAWACCESS.
250 250
251 251 privilege PRIV_NET_PRIVADDR
252 252
253 253 Allows a process to bind to a privileged port
254 254 number. The privilege port numbers are 1-1023 (the traditional
255 255 UNIX privileged ports) as well as those ports marked as
256 256 "udp/tcp_extra_priv_ports" with the exception of the ports
257 257 reserved for use by NFS.
258 258
259 259 privilege PRIV_NET_RAWACCESS
260 260
261 261 Allows a process to have direct access to the network layer.
262 262
263 263 unsafe privilege PRIV_PROC_AUDIT
264 264
265 265 Allows a process to generate audit records.
266 266 Allows a process to get its own audit pre-selection information.
267 267
268 268 privilege PRIV_PROC_CHROOT
269 269
270 270 Allows a process to change its root directory.
271 271
272 272 privilege PRIV_PROC_CLOCK_HIGHRES
273 273
274 274 Allows a process to use high resolution timers.
275 275
276 276 basic privilege PRIV_PROC_EXEC
277 277
278 278 Allows a process to call execve().
279 279
280 280 basic privilege PRIV_PROC_FORK
281 281
282 282 Allows a process to call fork1()/forkall()/vfork()
283 283
284 284 basic privilege PRIV_PROC_INFO
285 285
286 286 Allows a process to examine the status of processes other
287 287 than those it can send signals to. Processes which cannot
288 288 be examined cannot be seen in /proc and appear not to exist.
289 289
290 290 privilege PRIV_PROC_LOCK_MEMORY
291 291
292 292 Allows a process to lock pages in physical memory.
293 293
294 294 privilege PRIV_PROC_OWNER
295 295
296 296 Allows a process to send signals to other processes, inspect
297 297 and modify process state to other processes regardless of
298 298 ownership. When modifying another process, additional
299 299 restrictions apply: the effective privilege set of the
300 300 attaching process must be a superset of the target process'
301 301 effective, permitted and inheritable sets; the limit set must
302 302 be a superset of the target's limit set; if the target process
303 303 has any uid set to 0 all privilege must be asserted unless the
304 304 effective uid is 0.
305 305 Allows a process to bind arbitrary processes to CPUs.
306 306
306 lines elided
307 307 privilege PRIV_PROC_PRIOUP
308 308
309 309 Allows a process to elevate its priority above its current level.
310 310
311 311 privilege PRIV_PROC_PRIOCNTL
312 312
313 313 Allows all that PRIV_PROC_PRIOUP allows.
314 314 Allows a process to change its scheduling class to any scheduling class,
315 315 including the RT class.
316 316
317 +privilege PRIV_PROC_SECFLAGS
318 +
319 + Allows a process to manipulate the secflags of processes (subject to,
320 + additionally, the ability to signal that process)
321 +
317 322 basic privilege PRIV_PROC_SESSION
318 323
319 324 Allows a process to send signals or trace processes outside its
320 325 session.
321 326
322 327 unsafe privilege PRIV_PROC_SETID
323 328
324 329 Allows a process to set its uids at will.
325 330 Assuming uid 0 requires all privileges to be asserted.
326 331
327 332 privilege PRIV_PROC_TASKID
328 333
329 334 Allows a process to assign a new task ID to the calling process.
330 335
331 336 privilege PRIV_PROC_ZONE
332 337
333 338 Allows a process to trace or send signals to processes in
334 339 other zones.
335 340
336 341 privilege PRIV_SYS_ACCT
337 342
338 343 Allows a process to enable and disable and manage accounting through
339 344 acct(2), getacct(2), putacct(2) and wracct(2).
340 345
341 346 privilege PRIV_SYS_ADMIN
342 347
343 348 Allows a process to perform system administration tasks such
344 349 as setting node and domain name and specifying nscd and coreadm
345 350 settings.
346 351
347 352 privilege PRIV_SYS_AUDIT
348 353
349 354 Allows a process to start the (kernel) audit daemon.
350 355 Allows a process to view and set audit state (audit user ID,
351 356 audit terminal ID, audit sessions ID, audit pre-selection mask).
352 357 Allows a process to turn off and on auditing.
353 358 Allows a process to configure the audit parameters (cache and
354 359 queue sizes, event to class mappings, policy options).
355 360
356 361 privilege PRIV_SYS_CONFIG
357 362
358 363 Allows a process to perform various system configuration tasks.
359 364 Allows a process to add and remove swap devices; when adding a swap
360 365 device, a process must also have sufficient privileges to read from
361 366 and write to the swap device.
362 367
363 368 privilege PRIV_SYS_DEVICES
364 369
365 370 Allows a process to successfully call a kernel module that
366 371 calls the kernel drv_priv(9F) function to check for allowed
367 372 access.
368 373 Allows a process to open the real console device directly.
369 374 Allows a process to open devices that have been exclusively opened.
370 375
371 376 privilege PRIV_SYS_IPC_CONFIG
372 377
373 378 Allows a process to increase the size of a System V IPC Message
374 379 Queue buffer.
375 380
376 381 privilege PRIV_SYS_LINKDIR
377 382
378 383 Allows a process to unlink and link directories.
379 384
380 385 privilege PRIV_SYS_MOUNT
381 386
382 387 Allows filesystem specific administrative procedures, such as
383 388 filesystem configuration ioctls, quota calls and creation/deletion
384 389 of snapshots.
385 390 Allows a process to mount and unmount filesystems which would
386 391 otherwise be restricted (i.e., most filesystems except
387 392 namefs).
388 393 A process performing a mount operation needs to have
389 394 appropriate access to the device being mounted (read-write for
390 395 "rw" mounts, read for "ro" mounts).
391 396 A process performing any of the aforementioned
392 397 filesystem operations needs to have read/write/owner
393 398 access to the mount point.
394 399 Only regular files and directories can serve as mount points
395 400 for processes which do not have all zone privileges asserted.
396 401 Unless a process has all zone privileges, the mount(2)
397 402 system call will force the "nosuid" and "restrict" options, the
398 403 latter only for autofs mountpoints.
399 404 Regardless of privileges, a process running in a non-global zone may
400 405 only control mounts performed from within said zone.
401 406 Outside the global zone, the "nodevices" option is always forced.
402 407
403 408 privilege PRIV_SYS_IPTUN_CONFIG
404 409
405 410 Allows a process to configure IP tunnel links.
406 411
407 412 privilege PRIV_SYS_DL_CONFIG
408 413
409 414 Allows a process to configure all classes of datalinks, including
410 415 configuration allowed by PRIV_SYS_IPTUN_CONFIG.
411 416
412 417 privilege PRIV_SYS_IP_CONFIG
413 418
414 419 Allows a process to configure a system's IP interfaces and routes.
415 420 Allows a process to configure network parameters using ndd.
416 421 Allows a process access to otherwise restricted information using ndd.
417 422 Allows a process to configure IPsec.
418 423 Allows a process to pop anchored STREAMs modules with matching zoneid.
419 424
420 425 privilege PRIV_SYS_NET_CONFIG
421 426
422 427 Allows all that PRIV_SYS_IP_CONFIG, PRIV_SYS_DL_CONFIG, and
423 428 PRIV_SYS_PPP_CONFIG allow.
424 429 Allows a process to push the rpcmod STREAMs module.
425 430 Allows a process to INSERT/REMOVE STREAMs modules on locations other
426 431 than the top of the module stack.
427 432
428 433 privilege PRIV_SYS_NFS
429 434
430 435 Allows a process to perform Sun private NFS specific system calls.
431 436 Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
432 437 and port 4045 (lockd).
433 438
434 439 privilege PRIV_SYS_PPP_CONFIG
435 440
436 441 Allows a process to create and destroy PPP (sppp) interfaces.
437 442 Allows a process to configure PPP tunnels (sppptun).
438 443
439 444 privilege PRIV_SYS_RES_BIND
440 445
441 446 Allows a process to bind processes to processor sets.
442 447
443 448 privilege PRIV_SYS_RES_CONFIG
444 449
445 450 Allows all that PRIV_SYS_RES_BIND allows.
446 451 Allows a process to create and delete processor sets, assign
447 452 CPUs to processor sets and override the PSET_NOESCAPE property.
448 453 Allows a process to change the operational status of CPUs in
449 454 the system using p_online(2).
450 455 Allows a process to configure resource pools and to bind
451 456 processes to pools
452 457
453 458 unsafe privilege PRIV_SYS_RESOURCE
454 459
455 460 Allows a process to modify the resource limits specified
456 461 by setrlimit(2) and setrctl(2) without restriction.
457 462 Allows a process to exceed the per-user maximum number of
458 463 processes.
459 464 Allows a process to extend or create files on a filesystem that
460 465 has less than minfree space in reserve.
461 466
462 467 privilege PRIV_SYS_SMB
463 468
464 469 Allows a process to access the Sun private SMB kernel module.
465 470 Allows a process to bind to ports reserved by NetBIOS and SMB:
466 471 ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS
467 472 Session Service and SMB-over-NBT) and 445 (SMB-over-TCP).
468 473
469 474 privilege PRIV_SYS_SUSER_COMPAT
470 475
471 476 Allows a process to successfully call a third party loadable module
472 477 that calls the kernel suser() function to check for allowed access.
473 478 This privilege exists only for third party loadable module
474 479 compatibility and is not used by Solaris proper.
475 480
476 481 privilege PRIV_SYS_TIME
477 482
478 483 Allows a process to manipulate system time using any of the
479 484 appropriate system calls: stime, adjtime, ntp_adjtime and
480 485 the IA specific RTC calls.
481 486
482 487 privilege PRIV_SYS_TRANS_LABEL
483 488
484 489 Allows a process to translate labels that are not dominated
485 490 by the process' sensitivity label to and from an external
486 491 string form.
487 492 This privilege is interpreted only if the system is configured
488 493 with Trusted Extensions.
489 494
490 495 privilege PRIV_VIRT_MANAGE
491 496
492 497 Allows a process to manage virtualized environments such as
493 498 xVM(5).
494 499
495 500 privilege PRIV_WIN_COLORMAP
496 501
497 502 Allows a process to override colormap restrictions.
498 503 Allows a process to install or remove colormaps.
499 504 Allows a process to retrieve colormap cell entries allocated
500 505 by other processes.
501 506 This privilege is interpreted only if the system is configured
502 507 with Trusted Extensions.
503 508
504 509 privilege PRIV_WIN_CONFIG
505 510
506 511 Allows a process to configure or destroy resources that are
507 512 permanently retained by the X server.
508 513 Allows a process to use SetScreenSaver to set the screen
509 514 saver timeout value.
510 515 Allows a process to use ChangeHosts to modify the display
511 516 access control list.
512 517 Allows a process to use GrabServer.
513 518 Allows a process to use the SetCloseDownMode request which
514 519 may retain window, pixmap, colormap, property, cursor, font,
515 520 or graphic context resources.
516 521 This privilege is interpreted only if the system is configured
517 522 with Trusted Extensions.
518 523
519 524 privilege PRIV_WIN_DAC_READ
520 525
521 526 Allows a process to read from a window resource that it does
522 527 not own (has a different user ID).
523 528 This privilege is interpreted only if the system is configured
524 529 with Trusted Extensions.
525 530
526 531 privilege PRIV_WIN_DAC_WRITE
527 532
528 533 Allows a process to write to or create a window resource that
529 534 it does not own (has a different user ID). A newly created
530 535 window property is created with the window's user ID.
531 536 This privilege is interpreted only if the system is configured
532 537 with Trusted Extensions.
533 538
534 539 privilege PRIV_WIN_DEVICES
535 540
536 541 Allows a process to perform operations on window input devices.
537 542 Allows a process to get and set keyboard and pointer controls.
538 543 Allows a process to modify pointer button and key mappings.
539 544 This privilege is interpreted only if the system is configured
540 545 with Trusted Extensions.
541 546
542 547 privilege PRIV_WIN_DGA
543 548
544 549 Allows a process to use the direct graphics access (DGA) X protocol
545 550 extensions. Direct process access to the frame buffer is still
546 551 required. Thus the process must have MAC and DAC privileges that
547 552 allow access to the frame buffer, or the frame buffer must be
548 553 allocated to the process.
549 554 This privilege is interpreted only if the system is configured
550 555 with Trusted Extensions.
551 556
552 557 privilege PRIV_WIN_DOWNGRADE_SL
553 558
554 559 Allows a process to set the sensitivity label of a window resource
555 560 to a sensitivity label that does not dominate the existing
556 561 sensitivity label.
557 562 This privilege is interpreted only if the system is configured
558 563 with Trusted Extensions.
559 564
560 565 privilege PRIV_WIN_FONTPATH
561 566
562 567 Allows a process to set a font path.
563 568 This privilege is interpreted only if the system is configured
564 569 with Trusted Extensions.
565 570
566 571 privilege PRIV_WIN_MAC_READ
567 572
568 573 Allows a process to read from a window resource whose sensitivity
569 574 label is not equal to the process sensitivity label.
570 575 This privilege is interpreted only if the system is configured
571 576 with Trusted Extensions.
572 577
573 578 privilege PRIV_WIN_MAC_WRITE
574 579
575 580 Allows a process to create a window resource whose sensitivity
576 581 label is not equal to the process sensitivity label.
577 582 A newly created window property is created with the window's
578 583 sensitivity label.
579 584 This privilege is interpreted only if the system is configured
580 585 with Trusted Extensions.
581 586
582 587 privilege PRIV_WIN_SELECTION
583 588
584 589 Allows a process to request inter-window data moves without the
585 590 intervention of the selection confirmer.
586 591 This privilege is interpreted only if the system is configured
587 592 with Trusted Extensions.
588 593
589 594 privilege PRIV_WIN_UPGRADE_SL
590 595
591 596 Allows a process to set the sensitivity label of a window
592 597 resource to a sensitivity label that dominates the existing
593 598 sensitivity label.
594 599 This privilege is interpreted only if the system is configured
595 600 with Trusted Extensions.
596 601
597 602 privilege PRIV_XVM_CONTROL
598 603
599 604 Allows a process access to the xVM(5) control devices for
600 605 managing guest domains and the hypervisor. This privilege is
601 606 used only if booted into xVM on x86 platforms.
602 607
603 608 set PRIV_EFFECTIVE
604 609
605 610 Set of privileges currently in effect.
606 611
607 612 set PRIV_INHERITABLE
608 613
609 614 Set of privileges that comes into effect on exec.
610 615
611 616 set PRIV_PERMITTED
612 617
613 618 Set of privileges that can be put into the effective set without
614 619 restriction.
615 620
616 621 set PRIV_LIMIT
617 622
618 623 Set of privileges that determines the absolute upper bound of
619 624 privileges this process and its off-spring can obtain.
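Review bot: The new PRIV_PROC_SECFLAGS entry describes the privilege with a single parenthetical fragment, "Allows a process to manipulate the secflags of processes (subject to, additionally, the ability to signal that process)", which has no terminal period, unlike every other entry in this file, and which leaves unclear whether the privilege is needed to change the calling process's own secflags or only those of other processes. Suggest rewording in the style of the neighbouring PRIV_PROC_OWNER entry, e.g. "Allows a process to manipulate the secflags of other processes. The calling process must additionally be permitted to send signals to the target process.", and stating explicitly whether self-modification is also gated. The term "secflags" is not defined anywhere in priv_defs; since the change description names psecflags(1) as the tool that controls and observes it, a pointer to that page in the entry would help readers of this file. The placement between PRIV_PROC_PRIOCNTL and PRIV_PROC_SESSION does keep the alphabetical order the file header asks for.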
293 lines elided