Solaris 10 11/06 and Later: Configurable Privileges

When a zone is booted, a default set of safe privileges is included in the configuration. These privileges are considered safe because they prevent a privileged process in the zone from affecting processes in other non-global zones on the system or in the global zone. You can use the zonecfg command to do the following:

• Add to the default set of privileges, understanding that such changes might allow processes in one zone to affect processes in other zones by being able to control a global resource.

• Remove from the default set of privileges, understanding that such changes might prevent some processes from operating correctly if they require those privileges to run.

There are a few privileges that cannot be removed from the zone's default privilege set, and there are also a few privileges that cannot be added to the set at this time.

For more information, see Privileges in a Non-Global Zone, How to Configure the Zone, and privileges(5).