How to List a Non-Global Zone's Privilege Set With Verbose Output (System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones)

System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

How to List a Non-Global Zone's Privilege Set With Verbose Output

Use the ppriv utility with the -l option, the expression zone, and the -v option to list the zone's privileges.

Log into the non-global zone. This example uses a zone named my-zone.

At the prompt, type ppriv -l -v zone to report the set of privileges available in the zone, with a description of each privilege.

my-zone# ppriv -l -v zone

You will see a display similar to this:

contract_event
        Allows a process to request critical events without limitation.
        Allows a process to request reliable delivery of all events on
        any event queue.
contract_observer
        Allows a process to observe contract events generated by
        contracts created and owned by users other than the process's
        effective user ID.
        Allows a process to open contract event endpoints belonging to
        contracts created and owned by users other than the process's
        effective user ID.
file_chown
        Allows a process to change a file's owner user ID.
        Allows a process to change a file's group ID to one other than
        the process' effective group ID or one of the process'
        supplemental group IDs.
.
.
.