path: root/usr/src/uts/intel/os/device_policy
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#ident	"%Z%%M%	%I%	%E% SMI"
#
# Device policy configuration file.  When a device is opened, the
# privilege requirements in this file are enforced in addition to the
# ordinary access checks on the device node.
#
# Each entry names a driver, optionally narrowed to one minor node as
# "driver:minor", followed by the privilege sets a process must hold to
# open the device for reading (read_priv_set) and for writing
# (write_priv_set).  "none" adds no privilege requirement; "all"
# requires every privilege.
#
# The format of this file is subject to change without notice.
#
# Default open privileges, must be first entry in the file.
# NOTE(review): a driver with no entry of its own presumably falls back
# to this default, which adds no requirement at all, so its device nodes
# are then protected only by their file mode and ownership -- confirm
# that every sensitive driver is listed here or gets policy at install
# time.
#

*		read_priv_set=none		write_priv_set=none

#
# Kernel memory devices.
#
# Write opens of all three nodes require the full privilege set.  Read
# opens of mm:allkmem require it too, but mm:kmem and mm:mem add no
# privilege requirement for reads, so read access to them is gated only
# by the mode and ownership of the device nodes.
# NOTE(review): audit those node permissions and any group that is
# granted read access; memory readable through these devices can hold
# keys and credentials.
#
mm:allkmem	read_priv_set=all		write_priv_set=all
mm:kmem		read_priv_set=none		write_priv_set=all
mm:mem		read_priv_set=none		write_priv_set=all

# sad:admin requires sys_config for both read and write opens.
# NOTE(review): presumably the administrative node of the STREAMS
# administrative driver -- confirm.
sad:admin	read_priv_set=sys_config	write_priv_set=sys_config

#
# Socket interface access permissions.
#
# icmp/icmp6 require net_icmpaccess and ip/ip6 require net_rawaccess for
# both read and write opens, so a process lacking those privileges cannot
# open the raw protocol devices directly.  keysock, ipsecah, ipsecesp and
# spdsock require sys_net_config, the same privilege this file demands
# for the other network-configuration control nodes.
#
icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
keysock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
ipsecah		read_priv_set=sys_net_config	write_priv_set=sys_net_config
ipsecesp	read_priv_set=sys_net_config	write_priv_set=sys_net_config
spdsock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
#
# Raw network interface access permissions
#
# Opening any of these driver nodes, for read or write, requires
# net_rawaccess.  The list is keyed by driver name.
# NOTE(review): a network driver that is not named here would presumably
# inherit the "*" default (no privilege required) unless policy is
# supplied elsewhere, e.g. when the driver is installed -- confirm for
# every network driver shipped on the platform.
#
dnet		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
elxl		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ibd		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
iprb		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
pcelx		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
spwr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
aggr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
#
# Virtual network interface access permission
#
# Same requirement as the physical interface drivers above.
#
vni		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
#
# Disk devices.
#
# md:admin and scsi_vhci:devctl list only write_priv_set; fssnap:ctl
# requires sys_config for both read and write opens.
# NOTE(review): with read_priv_set omitted, read-only opens presumably
# get the default (none) -- confirm against the policy parser, and check
# that no state-changing operation on these control nodes is reachable
# through a read-only open.
#
md:admin					write_priv_set=sys_config
fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
scsi_vhci:devctl				write_priv_set=sys_devices
#
# Other devices that require a privilege to open.
#
# random:   only write opens are restricted (sys_devices); no
#           read_priv_set is listed, so reads presumably stay
#           unprivileged -- confirm.
# openeepr: write opens require the full privilege set; no read_priv_set
#           is listed.
# dld:ctl, aggr:ctl: sys_net_config is required for both read and write
#           opens of these control nodes.
#
random						write_priv_set=sys_devices
openeepr					write_priv_set=all
dld:ctl		read_priv_set=sys_net_config	write_priv_set=sys_net_config
aggr:ctl	read_priv_set=sys_net_config	write_priv_set=sys_net_config
#
# IP Filter
#
# Opening the ipf device for read or write requires sys_net_config.
# This entry separates its fields with spaces rather than the tabs used
# by the other entries in this file.
#
ipf             read_priv_set=sys_net_config    write_priv_set=sys_net_config