The limitpriv property is used to specify a privilege mask other than the predefined default set. When a zone is booted, a default set of privileges is included in the brand configuration. These privileges are considered safe because they prevent a privileged process in the zone from affecting processes in other non-global zones on the system or in the global zone. You can use the limitpriv property to do the following:
Add to the default set of privileges, understanding that such changes might allow processes in one zone to affect processes in other zones by being able to control a global resource.
Remove from the default set of privileges, understanding that such changes might prevent some processes from operating correctly if they require those privileges to run.
There are a few privileges that cannot be removed from the zone's default privilege set, and there are also a few privileges that cannot be added to the set at this time.
For more information, see Privileges Defined in lx Branded Zones, Privileges in a Non-Global Zone and privileges(5).