- Mandatory Write Access Control
Mandatory Write Access Control (MWAC) implements a new policy in the Oracle Solaris operating environment, that allows for fine- grained control over the writability of objects on otherwise read-only file systems.
In the current instance of the Oracle Solaris operating environment, MWAC is available only to non-global zones. The global zone implements the MWAC policy for non-global zones, preventing any overruling of the policy from within the non-global zone.
Zones marked as read-only have their root file system write-protected by MWAC. Only the file system objects that are write-listed by the read-only-profile are writable. See zonecfg(1M). Other file system objects are read-only.
Creating links to objects that are read-only by virtue of the MWAC-policy is not allowed.