Print this page 
uts: add a concept of a 'default' set of privileges, separate from 'basic'


 291 
 292         Allows a process to lock pages in physical memory.
 293 
 294 privilege PRIV_PROC_MEMINFO
 295 
 296         Allows a process to access physical memory information.
 297 
 298 privilege PRIV_PROC_OWNER
 299 
 300         Allows a process to send signals to other processes, inspect
 301         and modify process state to other processes regardless of
 302         ownership.  When modifying another process, additional
 303         restrictions apply:  the effective privilege set of the
 304         attaching process must be a superset of the target process'
 305         effective, permitted and inheritable sets; the limit set must
 306         be a superset of the target's limit set; if the target process
 307         has any uid set to 0 all privilege must be asserted unless the
 308         effective uid is 0.
 309         Allows a process to bind arbitrary processes to CPUs.
 310 
 311 privilege PRIV_PROC_PRIOUP

 312 
 313         Allows a process to elevate its priority above its current level.
 314 
 315 privilege PRIV_PROC_PRIOCNTL
 316 
 317         Allows all that PRIV_PROC_PRIOUP allows.
 318         Allows a process to change its scheduling class to any scheduling class,
 319         including the RT class.
 320 
 321 basic privilege PRIV_PROC_SESSION
 322 
 323         Allows a process to send signals or trace processes outside its
 324         session.
 325 
 326 unsafe privilege PRIV_PROC_SETID
 327 
 328         Allows a process to set its uids at will.
 329         Assuming uid 0 requires all privileges to be asserted.
 330 
 331 privilege PRIV_PROC_TASKID




 291 
 292         Allows a process to lock pages in physical memory.
 293 
 294 privilege PRIV_PROC_MEMINFO
 295 
 296         Allows a process to access physical memory information.
 297 
 298 privilege PRIV_PROC_OWNER
 299 
 300         Allows a process to send signals to other processes, inspect
 301         and modify process state to other processes regardless of
 302         ownership.  When modifying another process, additional
 303         restrictions apply:  the effective privilege set of the
 304         attaching process must be a superset of the target process'
 305         effective, permitted and inheritable sets; the limit set must
 306         be a superset of the target's limit set; if the target process
 307         has any uid set to 0 all privilege must be asserted unless the
 308         effective uid is 0.
 309         Allows a process to bind arbitrary processes to CPUs.
 310 
 311 # XXX: This is made default merely for test purposes.  DO NOT LEAVE HERE
 312 default privilege PRIV_PROC_PRIOUP
 313 
 314         Allows a process to elevate its priority above its current level.
 315 
 316 privilege PRIV_PROC_PRIOCNTL
 317 
 318         Allows all that PRIV_PROC_PRIOUP allows.
 319         Allows a process to change its scheduling class to any scheduling class,
 320         including the RT class.
 321 
 322 basic privilege PRIV_PROC_SESSION
 323 
 324         Allows a process to send signals or trace processes outside its
 325         session.
 326 
 327 unsafe privilege PRIV_PROC_SETID
 328 
 329         Allows a process to set its uids at will.
 330         Assuming uid 0 requires all privileges to be asserted.
 331 
 332 privilege PRIV_PROC_TASKID