Oracle Solaris 11.1 Administration: Security Services (Oracle Solaris 11.1 Information Library)
The following task map points to device configuration procedures that are related to device policy.
% getdevpolicy | more
DEFAULT
        read_priv_set=none
        write_priv_set=none
ip:*
        read_priv_set=net_rawaccess
        write_priv_set=net_rawaccess
…
Example 5-1 Viewing the Device Policy for a Specific Device
In this example, the device policy for three devices is displayed.
% getdevpolicy /dev/allkmem /dev/ipsecesp /dev/bge
/dev/allkmem
        read_priv_set=all
        write_priv_set=all
/dev/ipsecesp
        read_priv_set=sys_net_config
        write_priv_set=sys_net_config
/dev/bge
        read_priv_set=net_rawaccess
        write_priv_set=net_rawaccess
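The getdevpolicy listings above can be checked mechanically for drift. The following Python code is an added example, not part of the Oracle documentation: it parses getdevpolicy output and reports devices that now require fewer privileges than an expected baseline. The baseline values come from Example 5-1; the function names and the sample input, in which /dev/bge has been loosened, are constructed for illustration.

```python
# Added example (not Oracle's code). Assumes each entry is a device name followed by
# key=value tokens with comma-separated privilege sets, as in the output on this page.

# Required privileges (read, write), taken from Example 5-1 on this page.
BASELINE = {
    "/dev/allkmem": ("all", "all"),
    "/dev/ipsecesp": ("sys_net_config", "sys_net_config"),
    "/dev/bge": ("net_rawaccess", "net_rawaccess"),
}

# Constructed sample, one entry per line: /dev/bge reads no longer need a privilege.
SAMPLE = """\
/dev/allkmem read_priv_set=all write_priv_set=all
/dev/ipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config
/dev/bge read_priv_set=none write_priv_set=net_rawaccess
"""

def to_set(spec):
    """'none' means no privilege is required; otherwise a comma-separated set."""
    return frozenset() if spec == "none" else frozenset(spec.split(","))

def parse_devpolicy(text):
    """Return {device: {"read_priv_set": frozenset, "write_priv_set": frozenset}}."""
    policy, device = {}, None
    for token in text.split():  # whitespace-insensitive: indented or flat layout
        key, sep, value = token.partition("=")
        if not sep:  # no '=': a device (or driver) name starts a new entry
            device = token
            policy[device] = {}
        elif device is not None:
            policy[device][key] = to_set(value)
    return policy

def at_least(actual, expected):
    """True if `actual` demands every privilege in `expected` ('all' covers any set)."""
    return "all" in actual or ("all" not in expected and expected <= actual)

def find_weakened(policy, baseline=BASELINE):
    """List (device, key, expected, actual) where fewer privileges are required."""
    findings = []
    for device, specs in baseline.items():
        for key, spec in zip(("read_priv_set", "write_priv_set"), specs):
            actual = policy.get(device, {}).get(key)  # None: entry not in output
            if actual is None or not at_least(actual, to_set(spec)):
                findings.append((device, key, spec, actual))
    return findings

if __name__ == "__main__":
    for finding in find_weakened(parse_devpolicy(SAMPLE)):
        print("weakened policy:", finding)
```

On a live system, feed the text printed by getdevpolicy for the baseline devices to parse_devpolicy in place of SAMPLE.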
By default, the as audit class includes the AUE_MODDEVPLCY audit event.
Before You Begin
You must become an administrator who is assigned the Audit Configuration rights profile. For more information, see How to Use Your Assigned Administrative Rights.
# auditconfig -getflags
current-flags
# auditconfig -setflags current-flags,as
For detailed instructions, see How to Preselect Audit Classes.
Applications that retrieve Oracle Solaris IP MIB-II information should open /dev/arp, not /dev/ip.
% getdevpolicy /dev/ip /dev/arp
/dev/ip
        read_priv_set=net_rawaccess
        write_priv_set=net_rawaccess
/dev/arp
        read_priv_set=none
        write_priv_set=none
Note that the net_rawaccess privilege is required for reading and writing to /dev/ip. No privileges are required for /dev/arp.
No privileges are required. This method is equivalent to opening /dev/ip and pushing the arp, tcp and udp modules. Because opening /dev/ip now requires a privilege, the /dev/arp method is preferred.