The limitpriv property of the zonecfg command can be used to specify the set of privileges that processes are limited to in a non-global zone.
You can do the following:
Augment the default set of privileges, with the understanding that such changes might allow processes in one zone to affect processes in other zones by gaining control of a global resource
Create a zone with fewer privileges than the default, safe set
For more information about configuring privileges for zones and zone privilege restrictions, see:
zonecfg(1M) man page
Note the following:
Non-global zones are still booted with the standard set of safe privileges by default.
Certain privileges cannot be removed from the zone's privilege set, and certain other privileges cannot be added to it.
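The following shell function is an added example, not part of this page or of the zonecfg tool: it pre-checks a limitpriv specification (zonecfg syntax: comma-separated privilege names, "default" for the safe default set, a leading "!" to remove a privilege) against the two fixed sets the note above describes before the value is applied with zonecfg. The REQUIRED_PRIVS and PROHIBITED_PRIVS lists are assumed here from the Solaris 10 zones documentation and should be checked against zonecfg(1M) on the release in use.

```shell
#!/bin/sh
# Added example: validate a zonecfg limitpriv spec offline, before running
#   zonecfg -z <zone> set limitpriv=<spec>
# The two lists below are assumptions taken from the Solaris 10 zones
# documentation; confirm them against zonecfg(1M) for your release.

# Privileges a non-global zone needs to run; they cannot be removed.
REQUIRED_PRIVS="proc_exec proc_fork sys_mount"
# Privileges that can never be granted to a non-global zone.
PROHIBITED_PRIVS="dtrace_kernel proc_zone sys_config sys_devices sys_linkdir sys_net_config sys_res_config sys_suser_compat"

# in_list NAME "word word ..." -> returns 0 if NAME is one of the words
in_list() {
    for w in $2; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# validate_limitpriv SPEC
# Prints one line per violation and returns 1 if any was found, else 0.
validate_limitpriv() {
    spec=$1
    rc=0
    old_ifs=$IFS
    IFS=,
    set -- $spec          # split the spec on commas into positional params
    IFS=$old_ifs
    for tok in "$@"; do
        case $tok in
            default) ;;   # the safe default set is always acceptable
            '!'*)         # removal: must not drop a required privilege
                priv=${tok#!}
                if in_list "$priv" "$REQUIRED_PRIVS"; then
                    echo "cannot remove required privilege: $priv"
                    rc=1
                fi ;;
            *)            # addition: must not grant a prohibited privilege
                if in_list "$tok" "$PROHIBITED_PRIVS"; then
                    echo "cannot grant prohibited privilege: $tok"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}
```

A spec such as "default,sys_time" passes, while "default,!sys_mount" and "default,dtrace_kernel" are reported as violations; a passing spec is still subject to zonecfg's own verification when applied.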