HP-UX Containers (SRP) A.03.01.004 Release Notes (5992-5696, September 2012)
14
return an error. The following privileges (see privileges(5)) are disallowed within a system
container:
ACCOUNTING
Allows a process to control the process accounting system. Example: acct(1M), acctsh(1M)
AUDCONTROL
Allows a process to start, modify, and stop the auditing system. Example: audsys(1M)
CHANGECMPT
Grants a process the ability to change its compartment. Example: privrun (1M)
CMPTREAD
Allows a process to open a file or directory for reading, executing, or searching, bypassing
compartment rules.
CMPTWRITE
Allows a process to write to a file or directory, bypassing compartment rules.
COMMALLOWED
Allows a process to override compartment rules in the IPC and network subsystems.
CORESYSATTR
Allows a process to manage system attributes such as kernel tunables and system time.
Example: kctune(1M), date(1M)
DLKM
Allows a process to load a kernel module, change the global search path for DLKM.
Example: kcmodule(1M)
FSS, FSSTHREAD
Allows a process/thread to configure fair share scheduler.
MKNOD
Allows a process to create character or block special files. Example: mknod(1M)
MPCTL
Allows a process to change processor binding, locality domain binding,
or launch policy of a process.
NETADMIN
Allows a process to perform network administrative operations such as configuring IP
address and routing tables. Example: Add, delete, update options of ifconfig(1M),
netstat(1M), route(1M)
NETPROMISCUOUS
Allows a process to configure an interface to listen in promiscuous mode.
Example: tcpdump
PSET
Allows change to the system pset configuration.
RDEVOPS
Allows a process to do device specific administrative operations such as tape or disk