Assume a role that includes the Device Security rights profile, or become superuser.
The Primary Administrator role includes the Device Security rights profile. You can also assign the Device Security rights profile to a role that you create. To create the role and assign the role to a user, see Example 9–3.
Add policy to a device.
# update_drv -a -p policy device-driver |
Specifies a policy for device-driver.
Is the device policy for device-driver. Device policy specifies two sets of privileges. One set is required to read the device. The other set is required to write to the device.
Is the device driver.
For more information, see the update_drv(1M) man page.
In the following example, device policy is added to the ipnat device.
# getdevpolicy /dev/ipnat /dev/ipnat read_priv_set=none write_priv_set=none # update_drv -a \ -p 'read_priv_set=net_rawaccess write_priv_set=net_rawaccess' ipnat # getdevpolicy /dev/ipnat /dev/ipnat read_priv_set=net_rawaccess write_priv_set=net_rawaccess |
In the following example, the read set of privileges is removed from the device policy for the ipnat device.
# getdevpolicy /dev/ipnat /dev/ipnat read_priv_set=net_rawaccess write_priv_set=net_rawaccess # update_drv -a -p write_priv_set=net_rawaccess ipnat # getdevpolicy /dev/ipnat /dev/ipnat read_priv_set=none write_priv_set=net_rawaccess |