Mandatory Write Access Control (MWAC) implements a new policy in the Oracle Solaris operating environment, that allows for fine- grained control over the writability of objects on otherwise read-only file systems.
In the current instance of the Oracle Solaris operating environment, the kernel implements the MWAC policy for non-global and global zones preventing any overruling of the policy from within the zone.
Zones marked as read-only have their root file system write-protected by MWAC. Only the file system objects that are write-listed by the read-only-profile are writable. See zonecfg (1M). Other file system objects are read-only.
Creating links to objects that are read-only by virtue of the MWAC-policy is not allowed.
Process with the PRIV_PROC_TPD flag set are exempt from the MWAC-policy. Such process can be created by using Trusted Path login or using the –T or –U option for zlogin.
ln (1) , zlogin (1) , zoneadm (1M) , zonecfg (1M) , getpflags (2) , link (2) , pathconf (2) , tpd (5)