System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

Configurable Privileges in an lx Branded Zone

The limitpriv property is used to specify a privilege mask other than the predefined default set. When a zone is booted, a default set of privileges is included in the brand configuration. These privileges are considered safe because they prevent a privileged process in the zone from affecting processes in other non-global zones on the system or in the global zone. You can use the limitpriv property to do the following:

Note –

There are a few privileges that cannot be removed from the zone's default privilege set, and there are also a few privileges that cannot be added to the set at this time.

For more information, see Privileges Defined in lx Branded Zones, Privileges in a Non-Global Zone and privileges(5).