The interfaces listed below have code paths which check for the sys_suser_compat
privilege instead of the proper privilege.
LOG_FLUSH, SVCPOOL_CREATE opcodes for NFSSYS().
Creation/deletion of a ufs file system snapshot via the _FIOSNAPSHOTCREATE and _FIOSNAPSHOTDELETE ioctl commands.
Many of the power-management ioctls. These are nominally used by /usr/sbin/pmconfig, and include the following ioctls:
PM_SET_THRESHOLD
PM_SET_CUR_PWRPM_ADD_DEP
PM_REM_DEVICES
PM_SET_DEVICE_THRESHOLD
PM_SET_SYSTEM_THRESHOLD
PM_START_PM
PM_STOP_PM
PM_RESET_PM
PM_DIRECT_PM
PM_RESET_DEVICE_THRESHOLD
PM_SET_COMPONENT_THRESHOLDS
PM_IDLE_DOWN
PM_ADD_DEPENDENT
PM_ADD_DEPENDENT_PROPERTY
The PPMIOCSET ioctl for power management.
Workaround: These interfaces may need to be invoked with the PRIV_SUSER_COMPAT
privilege. This can be accomplished via profiles by using an exec_attr entry specifying this privilege.