Lines Matching refs:to
4 * The contents of this file are subject to the terms of the
29 # Privileges can be added to this file at any location, not
30 # necessarily at the end. For patches, it is probably best to
37 Allows a process to request critical events without limitation.
38 Allows a process to request reliable delivery of all events on
43 Allows a process to set the service FMRI value of a process
48 Allows a process to observe contract events generated by
51 Allows a process to open contract event endpoints belonging to
57 Allow a process to access per-CPU hardware performance counters.
66 Allows process-level tracing probes to be placed and enabled in
67 processes to which the user has permissions.
72 Allows use of the syscall and profile DTrace providers to
73 examine processes to which the user has permissions.
77 Allows a process to change a file's owner user ID.
78 Allows a process to change a file's group ID to one other than
84 Allows a process to give away its files; a process with this
90 Allows a process to execute an executable file whose permission
95 Allows a process to read a file or directory whose permission
100 Allows a process to search a directory whose permission bits or
105 Allows a process to write a file or directory whose permission
107 In order to write files owned by uid 0 in the absence of an
112 Allows a process to set the sensitivity label of a file or
113 directory to a sensitivity label that does not dominate the
120 Allows a process to set immutable, nounlink or appendonly
125 Allows a process to create hardlinks to files owned by a uid
131 to perform the following operations that are normally permitted
141 Allows a process to read objects in the filesystem.
145 Allows a process to change the ownership of a file or write to
148 Allows a process to set the set-group-ID bit on a file or
151 Allows a process to set the set-user-ID bit on a file with
158 Allows a process to set the sensitivity label of a file or
159 directory to a sensitivity label that dominates the existing
166 Allows a process to modify objects in the filesystem.
170 Allows a process to make privileged ioctls to graphics devices.
171 Typically only xserver process needs to have this privilege.
172 A process with this privilege is also allowed to perform
177 Allows a process to perform privileged mappings through a
182 Allows a process to read a System V IPC
185 Allows a process to read remote shared memory whose
190 Allows a process to write a System V IPC
193 Allows a process to read remote shared memory whose
201 V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
209 Allows a process to open a TCP, UDP, SDP or SCTP network endpoint.
213 Allow a process to bind to a port that is configured as a
215 applies to both shared address and zone-specific address MLPs.
223 Allows a process to send and receive ICMP packets.
227 Allows a process to set NET_MAC_AWARE process flag by using
228 setpflags(2). This privilege also allows a process to set
231 option both allow a local process to communicate with an
240 Allows a process to set SO_MAC_IMPLICIT option by using
241 setsockopt(3SOCKET). This allows a privileged process to
242 transmit implicitly-labeled packets to a peer.
248 Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
249 while not requiring them to need PRIV_NET_RAWACCESS.
253 Allows a process to bind to a privileged port
261 Allows a process to have direct access to the network layer.
265 Allows a process to generate audit records.
266 Allows a process to get its own audit pre-selection information.
270 Allows a process to change its root directory.
274 Allows a process to use high resolution timers.
278 Allows a process to call execve().
282 Allows a process to call fork1()/forkall()/vfork()
286 Allows a process to examine the status of processes other
287 than those it can send signals to. Processes which cannot
288 be examined cannot be seen in /proc and appear not to exist.
292 Allows a process to lock pages in physical memory.
296 Allows a process to access physical memory information.
300 Allows a process to send signals to other processes, inspect
301 and modify process state to other processes regardless of
307 has any uid set to 0 all privilege must be asserted unless the
309 Allows a process to bind arbitrary processes to CPUs.
313 Allows a process to elevate its priority above its current level.
318 Allows a process to change its scheduling class to any scheduling class,
323 Allows a process to manipulate the secflags of processes (subject to,
324 additionally, the ability to signal that process)
328 Allows a process to send signals or trace processes outside its
333 Allows a process to set its uids at will.
334 Assuming uid 0 requires all privileges to be asserted.
338 Allows a process to assign a new task ID to the calling process.
342 Allows a process to trace or send signals to processes in
347 Allows a process to enable and disable and manage accounting through
352 Allows a process to perform system administration tasks such
358 Allows a process to start the (kernel) audit daemon.
359 Allows a process to view and set audit state (audit user ID,
361 Allows a process to turn off and on auditing.
362 Allows a process to configure the audit parameters (cache and
363 queue sizes, event to class mappings, policy options).
367 Allows a process to perform various system configuration tasks.
368 Allows a process to add and remove swap devices; when adding a swap
369 device, a process must also have sufficient privileges to read from
370 and write to the swap device.
374 Allows a process to successfully call a kernel module that
375 calls the kernel drv_priv(9F) function to check for allowed
377 Allows a process to open the real console device directly.
378 Allows a process to open devices that have been exclusively opened.
382 Allows a process to increase the size of a System V IPC Message
387 Allows a process to unlink and link directories.
394 Allows a process to mount and unmount filesystems which would
397 A process performing a mount operation needs to have
398 appropriate access to the device being mounted (read-write for
401 filesystem operations needs to have read/write/owner
402 access to the mount point.
414 Allows a process to configure IP tunnel links.
418 Allows a process to configure all classes of datalinks, including
423 Allows a process to configure a system's IP interfaces and routes.
424 Allows a process to configure network parameters using ndd.
425 Allows a process access to otherwise restricted information using ndd.
426 Allows a process to configure IPsec.
427 Allows a process to pop anchored STREAMs modules with matching zoneid.
433 Allows a process to push the rpcmod STREAMs module.
434 Allows a process to INSERT/REMOVE STREAMs modules on locations other
439 Allows a process to perform Sun private NFS specific system calls.
440 Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
445 Allows a process to create and destroy PPP (sppp) interfaces.
446 Allows a process to configure PPP tunnels (sppptun).
450 Allows a process to bind processes to processor sets.
455 Allows a process to create and delete processor sets, assign
456 CPUs to processor sets and override the PSET_NOESCAPE property.
457 Allows a process to change the operational status of CPUs in
459 Allows a process to configure resource pools and to bind
460 processes to pools
464 Allows a process to modify the resource limits specified
466 Allows a process to exceed the per-user maximum number of
468 Allows a process to extend or create files on a filesystem that
473 Allows a process to access the Sun private SMB kernel module.
474 Allows a process to bind to ports reserved by NetBIOS and SMB:
480 Allows a process to successfully call a third party loadable module
481 that calls the kernel suser() function to check for allowed access.
487 Allows a process to manipulate system time using any of the
493 Allows a process to translate labels that are not dominated
494 by the process' sensitivity label to and from an external
501 Allows a process to manage virtualized environments such as
506 Allows a process to override colormap restrictions.
507 Allows a process to install or remove colormaps.
508 Allows a process to retrieve colormap cell entries allocated
515 Allows a process to configure or destroy resources that are
517 Allows a process to use SetScreenSaver to set the screen
519 Allows a process to use ChangeHosts to modify the display
521 Allows a process to use GrabServer.
522 Allows a process to use the SetCloseDownMode request which
530 Allows a process to read from a window resource that it does
537 Allows a process to write to or create a window resource that
545 Allows a process to perform operations on window input devices.
546 Allows a process to get and set keyboard and pointer controls.
547 Allows a process to modify pointer button and key mappings.
553 Allows a process to use the direct graphics access (DGA) X protocol
554 extensions. Direct process access to the frame buffer is still
556 allow access to the frame buffer, or the frame buffer must be
557 allocated to the process.
563 Allows a process to set the sensitivity label of a window resource
564 to a sensitivity label that does not dominate the existing
571 Allows a process to set a font path.
577 Allows a process to read from a window resource whose sensitivity
578 label is not equal to the process sensitivity label.
584 Allows a process to create a window resource whose sensitivity
585 label is not equal to the process sensitivity label.
593 Allows a process to request inter-window data moves without the
600 Allows a process to set the sensitivity label of a window
601 resource to a sensitivity label that dominates the existing
608 Allows a process access to the xVM(7) control devices for