Go to main content

man pages section 7: Standards, Environments, Macros, Character Sets, and Miscellany

Exit Print View

Updated: Wednesday, July 27, 2022



mwac, MWAC - Mandatory Write Access Control


Mandatory Write Access Control (MWAC) implements a new policy in the Oracle Solaris operating system that allows for fine-grained control over the writability of objects on otherwise read-only file systems.

In the current instance of the Oracle Solaris operating system, the kernel implements the MWAC policy for non-global and global zones preventing any overruling of the policy from within the zone.

Zones marked as read-only have their root file system write-protected by MWAC. Only the file system objects that are write-listed by the read-only-profile are writable. See zonecfg(8). Other file system objects are read-only.

Creating links to objects that are read-only by virtue of the MWAC-policy is not allowed.

Process with the PRIV_PROC_TPD flag set are exempt from the MWAC-policy. Such process can be created by using Trusted Path login or using the –T or –U option for zlogin.

See Also

ln(1), getpflags(2), link(2), pathconf(2), tpd(7), zoneadm(8), zonecfg(8)