Specifications

Red Hat Enterprise Linux to Oracle Solaris Porting Guide
TABLE A-1. ORACLE SOLARIS 11 SECURITY PRIVILEGES
PRIVILEGE NAME: DESCRIPTION

PRIV_IPC_DAC_READ: Allow a process to read a System V IPC message queue, semaphore set, or shared memory segment whose permission bits would not otherwise allow the process read permission.

PRIV_IPC_DAC_WRITE: Allow a process to write a System V IPC message queue, semaphore set, or shared memory segment whose permission bits would not otherwise allow the process write permission.

PRIV_IPC_OWNER: Allow a process that is not the owner of a System V IPC message queue, semaphore set, or shared memory segment to remove, change ownership of, or change the permission bits of the message queue, semaphore set, or shared memory segment.

PRIV_NET_ACCESS: Allow a process to open a TCP, UDP, SDP, or SCTP network endpoint.

PRIV_NET_BINDMLP: Allow a process to bind to a port that is configured as a multilevel port (MLP) for the process's zone. This privilege applies to both shared address and zone-specific address MLPs. See tnzonecfg(4) from the Trusted Extensions manual pages for information on configuring MLP ports. This privilege is interpreted only if the system is configured with Trusted Extensions.

PRIV_NET_ICMPACCESS: Allow a process to send and receive ICMP packets.

PRIV_NET_MAC_AWARE: Allow a process to set the NET_MAC_AWARE process flag by using setpflags(2). This privilege also allows a process to set the SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET). The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket option both allow a local process to communicate with an unlabeled peer if the local process's label dominates the peer's default label, or if the local process runs in the global zone. This privilege is interpreted only if the system is configured with Trusted Extensions.

PRIV_NET_PRIVADDR: Allow a process to bind to a privileged port number. The privilege port numbers are 1-1023 (the traditional UNIX privileged ports) as well as those ports marked as udp/tcp_extra_priv_ports with the exception of the ports reserved for use by NFS.

PRIV_NET_RAWACCESS: Allow a process to have direct access to the network layer.

PRIV_PROC_AUDIT: Allow a process to generate audit records. Allow a process to get its own audit pre-selection information.