The Trusted Solaris environment provides more than 80 privileges that you can apply to applications to override security policy. For a complete list of privileges, see the priv_desc(4) man page. The privileges provided fall into the categories shown in the following table.
Table 1-4 Privilege Categories

| Privilege Category | Summary | Example Privileges in the Category |
|---|---|---|
| | For overriding file system restrictions on user and group IDs, access permissions, labeling, ownership, and file privilege sets | |
| | For overriding restrictions on message queues, semaphore sets, or shared memory regions | |
| | For overriding restrictions on reserved port binding or binding to a multilevel port, sending broadcast messages, or specifying security attributes (such as labels, privileges on a message, or network endpoint defaults) | |
| | For overriding restrictions on auditing, labeling, covert channel delays, ownership, clearance, user IDs, or group IDs | |
| | For overriding restrictions on auditing, system booting, system configuration management, console output redirection, device management, file systems, creating hard links to directories, increasing message queue size, increasing the number of processes, system network configuration, third-party loadable modules, or label translation | |
| | For overriding restrictions on colormaps, reading to and writing from windows, input devices, labeling, font paths, moving data between windows, X server resource management, or direct graphics access (DGA) X protocol extensions | |