Configurable Privileges for Non-Global Zones
The limitpriv property of the zonecfg command can be used to specify the set of privileges that processes are limited to in a non-global zone.
You can do the following:
-
Augment the default set of privileges with the understanding that such changes might allow processes in one zone to affect processes in other zones by being able to control a global resource
-
Create a zone with fewer privileges than the default, safe set
For more information about configuring privileges for zones and zone privilege restrictions, see:
-
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
-
zonecfg(1M) man page
Note –
Note the following:
-
Non-global zones are still booted with the standard set of safe privileges by default.
-
One set of privileges cannot be removed from the zone's privilege set, and another set of privileges cannot be included in the zone's privilege set
- © 2010, Oracle Corporation and/or its affiliates