man pages section 5: Standards, Environments, and Macros

Exit Print View

Updated: July 2014
 
 

mwac(5)

Name

mwac, MWAC - Mandatory Write Access Control

Description

Mandatory Write Access Control (MWAC) implements a new policy in the Oracle Solaris operating environment, that allows for fine- grained control over the writability of objects on otherwise read-only file systems.

In the current instance of the Oracle Solaris operating environment, the kernel implements the MWAC policy for non-global and global zones preventing any overruling of the policy from within the zone.

Zones marked as read-only have their root file system write-protected by MWAC. Only the file system objects that are write-listed by the read-only-profile are writable. See zonecfg (1M). Other file system objects are read-only.

Creating links to objects that are read-only by virtue of the MWAC-policy is not allowed.

Process with the PRIV_PROC_TPD flag set are exempt from the MWAC-policy. Such process can be created by using Trusted Path login or using the –T or –U option for zlogin.

See also

ln (1) , zlogin (1) , zoneadm (1M) , zonecfg (1M) , getpflags (2) , link (2) , pathconf (2) , tpd(5)