priv_desc(4)
NAME | SYNOPSIS | DESCRIPTION | FILES | ATTRIBUTES | SEE ALSO
NAME
- priv_desc- descriptions of defined privileges
SYNOPSIS
#include <tsol/priv.h>
DESCRIPTION
- Name
-
file_audit
Allows a process to get or set a file's or directory's audit preselection information. The audit preselection information may override the preselection information associated with a process' access to a file or directory. Allows a process to get or set a file's or directory's public object flag. The public object flag may override the successful read/search access preselection information associated with a process' access to a file or directory. Allows a process to write to or modify a file or directory without the file's or directory's audit preselection information or public object flag being cleared.
- Name
-
file_chown
Allows a process to change a file's owner user ID. Allows a process to change a file's group ID to one other than the process' effective group ID or one of the process' supplemental group IDs.
- Name
-
file_dac_execute
Allows a process to execute an executable file whose permission bits or ACL do not allow the process execute permission.
- Name
-
file_dac_read
Allows a process to read a file or directory whose permission bits or ACL do not allow the process read permission.
- Name
-
file_dac_search
Allows a process to search a directory whose permission bits or ACL do not allow the process search permission.
- Name
-
file_dac_write
Allows a process to write a file or directory whose permission bits or ACL do not allow the process write permission.
- Name
-
file_downgrade_sl
Allows a process to set the Sensitivity Label of a file or directory to a Sensitivity Label that does not dominate the existing Sensitivity Label.
- Name
-
file_lock
Allows a process to get accurate lock information for a file lock that it does not hold.
- Name
-
file_mac_read
Allows a process to read a file or directory whose Sensitivity Label is not dominated by the process' Sensitivity Label. Allows a process to get accurate file attributes of a file or directory whose Sensitivity Label is not dominated by the process' Sensitivity Label. Allows a process, when upgraded directory names are hidden, to get directory entries whose Sensitivity Label is not dominated by the process' Sensitivity Label.
- Name
-
file_mac_search
Allows a process to search a directory whose Sensitivity Label is not dominated by the process' Sensitivity Label.
- Name
-
file_mac_write
Allows a process to write a file or directory whose Sensitivity Label does not dominate the process' Sensitivity Label, or whose Sensitivity Label dominates the process' Clearance.
- Name
-
file_owner
Allows a process which is not the owner of a file to modify that file's access and modification times, audit preselection attributes, privileges, or downgrade labels. Allows a process which is not the owner of a directory to modify that directory's access and modification times or downgrade labels. Allows a process which is not the owner of a file or directory to remove or rename a file or directory whose parent directory has the ``save text image after execution'' (sticky) bit set. Allows a process which is not the owner of a file to mount a ``namefs'' upon that file. (Does not apply to setting access permission bits or ACLs.)
- Name
-
file_setdac
Allows a process which is not the owner of a file or directory to modify that file's or directory's permission bits or ACL.
- Name
-
file_setid
Allows a process to change the ownership of a file or write to a file without the set-user-ID and set-group-ID bits being cleared. Allows a process to set the set-user-ID bit on a file whose owner is not the process' effective user. Allows a process to set the set-group-ID bit on a file whose group is not the process' effective group or one of the process' supplemental groups.
- Name
-
file_setpriv
Allows a process to set the privilege sets on an executable file that the process owns. Allows a process to write to an executable file without the file's allowed and forced privilege sets being emptied.
- Name
-
file_upgrade_sl
Allows a process to set the Sensitivity Label of a file or directory to a Sensitivity Label that dominates the existing Sensitivity Label.
- Name
-
ipc_dac_read
Allows a process to read a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment whose permission bits do not allow the process read permission.
- Name
-
ipc_dac_write
Allows a process to write a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment whose permission bits do not allow the process write permission.
- Name
-
ipc_mac_write
Allows a process to write a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment whose Sensitivity Label does not dominate the process' Sensitivity Label, or whose Sensitivity Label dominates the process' Clearance.
- Name
-
ipc_owner
Allows a process which is not the owner of a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment to remove, change ownership of, or change permission bits of the Message Queue, Semaphore Set, or Shared Memory Segment.
- Name
-
net_broadcast
Allows a process to send broadcast or multicast packets. Because broadcast packets are delivered to all machines on the local network, they are not labeled.
- Name
-
net_downgrade_sl
Allows a process to specify a Sensitivity Label for data being written or to set the network endpoint default Sensitivity Label to an Sensitivity Label which does not dominate the process' Sensitivity Label.
- Name
-
net_mac_read
Allows a process to bind to or accept with a multi-level port. Binding to a multi-level port allows the process to read all data sent to that port socket for which there is not a bound single level port that matches the Sensitivity Label of the data. Accepting with a multi-level port allows a process to receive all data sent to that connected port. (There can be no single level connected port for the accept to succeed.) Allows a process to create a multi-level RPC port mapping.
- Name
-
net_privaddr
Allows a process to bind to a privileged port number. The privilege port numbers are 1-1023 (the traditional UNIX privileged ports) and 6000-6002 (the XSun server ports). Privileged port numbers include the Internet reserved (well known) port numbers.
- Name
-
net_rawaccess
Allows a process to have direct access to the network layer. Direct access to the network layer bypasses network labeling. Auditing is not bypassed.
- Name
-
net_reply_equal
Allows a process to reply with the Sensitivity Label of the last packet received rather than its own Sensitivity Label. A combination of net_mac_read and net_reply_equal allow unmodified programs to successfully receive and reply at all Sensitivity Labels. This privilege exists for unmodified program compatibility and is not used by modified Trusted Solaris programs.
- Name
-
net_setclr
Allows a process to specify a Clearance for data being written or to set the network endpoint default Clearance to a value different from the process' Clearance.
- Name
-
net_setid
Allows a process to specify an effective user ID, effective group ID, or set of supplemental groups for data being written or to set the network endpoint default effective user ID, effective group ID, or set of supplemental groups to values different from the process' values. Allows a process which is not the owner of a RPC port mapping to remove the mapping.
- Name
-
net_setpriv
Allows a process to specify the effective privilege set for data being written or to set the network endpoint default effective privilege set to privileges contained in the process' permitted privilege set.
- Name
-
net_upgrade_sl
Allows a process to specify a Sensitivity Label for data being written or to set the network endpoint default Sensitivity Label to a Sensitivity Label which dominates the process' Sensitivity Label.
- Name
-
proc_audit_appl
Allows a process to generate audit records with an audit event outside the Trusted Solaris TCB event number range. Allows a process to get its own audit preselection information.
- Name
-
proc_audit_tcb
Allows a process to generate audit records with an audit event within the Trusted Solaris TCB event number range. Allows a process to get its own audit preselection information.
- Name
-
proc_chroot
Allows a process to change its root directory.
- Name
-
proc_debug_nontranquil
Allows a process to retain access to a process object when that process object changes its Sensitivity Label. Mandatory Access Control is enforced on the new Sensitivity Label.
Note -This privilege is intended to be used to debug processes that change their Sensitivity Labels and not for other purposes.
- Name
-
proc_dumpcore
Allows a TCB process to execute a new program which is set-user-ID, set-group-ID, or permits the use of privilege to have a ``core'' file created for it when taking the default action for SIGQUIT, SIGILL, SIGTRAP, SIGABRT, SIGEMT, SIGFPE, SIGBUS, SIGSEGV, SIGSYS, SIGXCPU, or SIGXFSZ signals. Allows a TCB process to have a ``core'' file created for it when taking the default action for SIGQUIT, SIGILL, SIGTRAP, SIGABRT, SIGEMT, SIGFPE, SIGBUS, SIGSEGV, SIGSYS, SIGXCPU, or SIGXFSZ signals.
- Name
-
proc_mac_read
Allows a process to read another process whose Sensitivity Label is not dominated by the reading process' Sensitivity Label.
- Name
-
proc_mac_write
Allows a process to write another process whose Sensitivity Label does not dominate the writing process' Sensitivity Label, or whose Sensitivity Label dominates the writing process' Clearance.
- Name
-
proc_nodelay
Allows a process to not be delayed when doing operations that are identified as covert channels.
- Name
-
proc_owner
Allows a process to read from and write to another process with a different process owner. Allows a process to bind a process to a CPU with a different process owner. Allows a process to open a process whose program file is set-user-ID or set-group-ID, or has the use of privilege.
- Name
-
proc_setclr
Allows a process to set its Clearance to a Clearance that is not equal to the process' current Clearance.
- Name
-
proc_setid
Allows a process to set its user or group IDs to one different from its current effective, real, or saved IDs. Allows a process to set its supplemental group IDs. Allows a process to set the process group of a controlling terminal to one not in the process' process group. Allows a process to set the window size on a terminal not in its session.
- Name
-
proc_setsl
Allows a process to set its Sensitivity Label to a Sensitivity Label that is not equal to the process' current Sensitivity Label.
- Name
-
proc_tranquil
Allows a process to set the Sensitivity Label of an object to a Sensitivity Label that is not equal to the current Sensitivity Label when the object is in use by another process.
- Name
-
sys_audit
Allows a process to start the (kernel) audit daemon. Allows a process to view and set the audit state (audit user ID, audit terminal ID, audit session ID, audit preselection mask). Allows a process to turn off and on auditing. Allows a process to configure the audit parameters (cache and queue sizes, event to class mappings, policy options).
- Name
-
sys_boot
Allows a process to halt, re-boot, or suspend a Trusted Solaris machine.
- Name
-
sys_config
Allows a process to lock into memory and unlock from memory a memory mapped file or Shared Memory Segment. Allows a process to change the scheduling priority of a process not owned by this process, or increase this process' priority. Allows a process to increase its resource or process limits. Allows a process to set the ``save text image after execution'' (sticky) bit on executable files. Allows a process to turn on and off accounting. Allows a process to change the machine time of day clock. Allows a process to change the machine high resolution timer clock. Allows a process to reconfigure scheduling classes. Allows a process to create and delete (hard) links to directories. Allows a process to place a processor on-line or off-line. Allows a process to modify kernel driver statistics values.
- Name
-
sys_console
Allows a process to redirect console output to another device.
- Name
-
sys_devices
Allows a process to create device special files. Allows a process to use mknod(2) to create directory and regular files. Allows a process to revoke all access to a device special file. Allows a process to reassign a controlling terminal from one process to another. Allows a process to open a terminal already exclusively opened. Allows a process to revoke access to its controlling terminal. Allows a process to enable or disable keyboard abort processing. Allows a process to map frame buffer devices into its address space. Allows a process to enable or disable a disk's write-check capability. Allows a process to load a kernel loadable driver. Allows a process to control the Floating Point Accelerator. Allows a process to configure autopush STREAMS modules. Allows a process to configure the device driver policy table. Allows a process to successfully call a third party loadable module that calls DDI drv_priv.
- Name
-
sys_fs_config
Allows a process to manipulate filesystem locks. Allows a process to set/clear the automatic update (delayed I/O) state of a filesystem. Allows a process to get meta disk allocation information. Allows a process to open a specified inode in a filesystem. Allows a process to set the last access time of a file system object.
- Name
-
sys_ipc_config
Allows a process to increase the size of a System V IPC Message Queue buffer.
- Name
-
sys_maxproc
Allows a process to create processes when the maximum number of processes for this process' owning user is exceeded. Allows a process to create the last available process in the system.
- Name
-
sys_minfree
Allows a process to write to a filesystem whose available storage space is below the minimum allowed.
- Name
-
sys_mount
Allows a process to mount filesystems which are restricted from being freely mounted. Such filesystems include those of type ufs, nfs, tmpfs, procfs, ... Allows a process to remount the root filesystem. Allows a process to add and remove swap filesystems. Allows a process to determine the users of a filesystem.
- Name
-
sys_net_config
Allows a process to configure a machine's network interfaces and routes. Allows a process to set a machine's host and domain names. Allows a process to set a machine's kerberos realm. Allows a process to load and unload host type, accreditation, and default information. Allows a process direct access to network devices. Allows a process to set endpoint names. Allows a process to use the rpcmod STREAMS module.
- Name
-
sys_nfs
Allows a process to start a kernel NFS daemon. Allows a process to start and stop a kernel NFS lock manager daemon. Allows a process to export directories for use by NFS clients. Allows a process to retrieve the NFS file handle for a path name. Allows a process to revoke NFS RPC credentials for a client it does not own.
- Name
-
sys_suser_compat
Allows a process to successfully call a third party loadable module that calls the kernel suser() function to check for allowed access. This privilege exists only for third party loadable module compatibility and is not used by Trusted Solaris.
- Name
-
sys_system_door
Allows a process to create a door that can be opened by processes at any Sensitivity Label.
- Name
-
sys_trans_label
Allows a process to translate labels to and from ``external string form'' that are not dominated by the process' Sensitivity Label.
- Name
-
win_colormap
Allows a process to override colormap restrictions. Allows a process to install or remove colormaps. Allows a process to retrieve colormap cell entries allocated by other processes.
- Name
-
win_config
Allows a process to configure or destroy resources that are permanently retained by the X server. Allows a process to use SetScreenSaver to set the screen saver timeout value. Allows a process to use ChangeHosts to modify the display access control list. Allows a process to use GrabServer. Allows a process to use the SetCloseDownMode request which may retain window, pixmap, colormap, property, cursor, font, or graphic context resources.
- Name
-
win_dac_read
Allows a process to read from a window resource that it does not own (has a different user ID.
- Name
-
win_dac_write
Allows a process to write to or create a window resource that it does not own (has a different user ID). A newly created window property is created with the window's user ID.
- Name
-
win_devices
Allows a process to perform operations on window input devices. Allows a process to get and set keyboard and pointer controls. Allows a process to modify pointer button and key mappings.
- Name
-
win_dga
Allows a process to use the direct graphics access (DGA) X protocol extensions. Direct process access to the frame buffer is still required. Thus the process must have MAC and DAC privileges that allow access to the frame buffer, or the frame buffer must be allocated to the process.
- Name
-
win_downgrade_sl
Allows a process to set the Sensitivity Label of a window resource to a Sensitivity Label that does not dominate the existing Sensitivity Label.
- Name
-
win_fontpath
Allows a process to set a font path.
- Name
-
win_mac_read
Allows a process to read from a window resource whose Sensitivity Label is not equal to the process Sensitivity Label.
- Name
-
win_mac_write
Allows a process to write to create a window resource whose Sensitivity Label is not equal to the process Sensitivity Label. A newly created window property is created with the window's Sensitivity Label.
- Name
-
win_selection
Allows a process to request inter-window data moves without the intervention of the selection arbitrator.
- Name
-
win_upgrade_sl
Allows a process to set the Sensitivity Label of a window resource to a Sensitivity Label that dominates the existing Sensitivity Label.
Every defined privilege has a manifest constant for use in programs, a name for use in user interfaces, and a description displayed by certain administrative tools. When a process has a privilege in its effective set, that process has the power to bypass security policy and perform the task allowed by that privilege.
Privilege Descriptions
The following section gives the manifest constant, name, and description for each privilege defined on this system.
PRIV_FILE_AUDIT
PRIV_FILE_CHOWN
PRIV_FILE_DAC_EXECUTE
PRIV_FILE_DAC_READ
PRIV_FILE_DAC_SEARCH
PRIV_FILE_DAC_WRITE
PRIV_FILE_DOWNGRADE_SL
PRIV_FILE_FILE_LOCK
PRIV_FILE_MAC_READ
PRIV_FILE_MAC_SEARCH
PRIV_FILE_MAC_WRITE
PRIV_FILE_OWNER
PRIV_FILE_SETDAC
PRIV_FILE_SETID
PRIV_FILE_SETPRIV
PRIV_FILE_UPGRADE_SL
PRIV_IPC_DAC_READ
PRIV_IPC_DAC_WRITE
PRIV_IPC_MAC_WRITE
PRIV_IPC_OWNER
PRIV_NET_BROADCAST
PRIV_NET_DOWNGRADE_SL
PRIV_NET_MAC_READ
PRIV_NET_PRIVADDR
PRIV_NET_RAWACCESS
PRIV_NET_REPLY_EQUAL
PRIV_NET_SETCLR
PRIV_NET_SETID
PRIV_NET_SETPRIV
PRIV_NET_UPGRADE_SL
PRIV_PROC_AUDIT_APPL
PRIV_PROC_AUDIT_TCB
PRIV_PROC_CHROOT
PRIV_PROC_DEBUG_NONTRANQUIL
PRIV_PROC_DUMPCORE
PRIV_PROC_MAC_READ
PRIV_PROC_MAC_WRITE
PRIV_PROC_NODELAY
PRIV_PROC_OWNER
PRIV_PROC_SETCLR
PRIV_PROC_SETID
PRIV_PROC_SETSL
PRIV_PROC_TRANQUIL
PRIV_SYS_AUDIT
PRIV_SYS_BOOT
PRIV_SYS_CONFIG
PRIV_SYS_CONSOLE
PRIV_SYS_DEVICES
PRIV_SYS_FS_CONFIG
PRIV_SYS_IPC_CONFIG
PRIV_SYS_MAXPROC
PRIV_SYS_MINFREE
PRIV_SYS_MOUNT
PRIV_SYS_NET_CONFIG
PRIV_SYS_NFS
PRIV_SYS_SUSER_COMPAT
PRIV_SYS_SYSTEM_DOOR
PRIV_SYS_TRANS_LABEL
PRIV_WIN_COLORMAP
PRIV_WIN_CONFIG
PRIV_WIN_DAC_READ
PRIV_WIN_DAC_WRITE
PRIV_WIN_DEVICES
PRIV_WIN_DGA
PRIV_WIN_DOWNGRADE_SL
PRIV_WIN_FONTPATH
PRIV_WIN_MAC_READ
PRIV_WIN_MAC_WRITE
PRIV_WIN_SELECTION
PRIV_WIN_UPGRADE_SL
FILES
- /usr/lib/tsol/locale/locale/priv_name
-
Privileges descriptions
- </usr/include/sys/tsol/priv_names.h>
-
Manifest constant and ID value definitions
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|---|---|
| Availability | SUNWtsu |
SEE ALSO
Trusted Solaris 8 4/01 Reference Manual
Intro(2), getfpriv(2), setfpriv(2), priv_to_str(3TSOL), set_effective_priv(3TSOL), priv_name(4), priv_macros(5)
Trusted Solaris administrator's document set, Trusted Solaris Developer's Guide
SunOS 5.8 Reference Manual
NAME | SYNOPSIS | DESCRIPTION | FILES | ATTRIBUTES | SEE ALSO
- © 2010, Oracle Corporation and/or its affiliates