Processes are restricted to a subset of privileges. Privilege restriction prevents a zone from performing operations that might affect other zones. The set of privileges limits the capabilities of privileged users within the zone.
Default, required default, optional, and prohibited privileges are defined by each brand. You can also add or remove certain privileges by using the limitpriv property as shown in Step 8 of How to Configure, Verify, and Commit the lx Branded Zone. The table Table 26–1 lists all of the Solaris privileges and the status of each privilege with respect to zones.
For more information about privileges, see the ppriv(1) man page and System Administration Guide: Security Services.