Specifications

Red Hat Enterprise Linux to Oracle Solaris Porting Guide
TABLE A-1. ORACLE SOLARIS 11 SECURITY PRIVILEGES
PRIVILEGE NAME DESCRIPTION
PRIV_PROC_CHROOT Allow a process to change its root directory.
PRIV_PROC_CLOCK_HIGHRES Allow a process to use high-resolution timers.
PRIV_PROC_EXEC Allow a process to call exec(2).
PRIV_PROC_FORK Allow a process to call fork(2), fork1(2), or vfork(2).
PRIV_PROC_INFO Allow a process to examine the status of processes other than
those to which it can send signals. Processes that cannot be
examined cannot be seen in /proc and appear not to exist.
PRIV_PROC_LOCK_MEMORY Allow a process to lock pages in physical memory.
PRIV_PROC_OWNER Allow a process to send signals to other processes and inspect and
modify the process state in other processes, regardless of
ownership. When modifying another process, additional restrictions
apply: The effective privilege set of the attaching process must be a
superset of the target process's effective, permitted, and inheritable
sets; the limit set must be a superset of the target's limit set; if the
target process has any UID set to 0, all privileges must be asserted
unless the effective UID is 0. Allow a process to bind arbitrary
processes to CPUs.
PRIV_PROC_PRIOCNTL Allow a process to elevate its priority above its current level. Allow
a process to change its scheduling class to any scheduling class,
including the RT class.
PRIV_PROC_SESSION Allow a process to send signals or trace processes outside its
session.
PRIV_PROC_SETID Allow a process to set its UIDs at will, assuming UID 0 requires all
privileges to be asserted.
PRIV_PROC_TASKID Allow a process to assign a new task ID to the calling process.
PRIV_PROC_ZONE Allow a process to trace or send signals to processes in other
zones. See zones(5).
PRIV_SYS_ACCT Allow a process to enable, disable, and manage accounting
through acct(2).
PRIV_SYS_ADMIN Allow a process to perform system administration tasks such as
setting the node and domain name and specifying coreadm(1M)
and nscd(1M) settings.