These system resources enhancements are new in the Solaris Express 5/06 release.
The zonecfg command can now be used to specify the set of privileges that processes are limited to in a non-global zone.
You can do the following:
Augment the default set of privileges with the understanding that such changes might allow processes in one zone to affect processes in other zones by being able to control a global resource.
Create a zone with fewer privileges than the default, safe set.
Note the following:
Non-global zones are still booted with the standard set of safe privileges by default.
There is a set of privileges that cannot be removed from the zone's privilege set, and another set of privileges that cannot be included in the zone's privilege set.
For more information about configuring privileges for zones and zone privilege restrictions, see: