Diffstat (limited to 'usr/src')
-rw-r--r-- usr/src/man/man3c/priv_addset.3c 13
-rw-r--r-- usr/src/man/man5/privileges.5 15
2 files changed, 22 insertions, 6 deletions
diff --git a/usr/src/man/man3c/priv_addset.3c b/usr/src/man/man3c/priv_addset.3c
index 7537cacde6..a695b87bcc 100644
--- a/usr/src/man/man3c/priv_addset.3c
+++ b/usr/src/man/man3c/priv_addset.3c
@@ -6,8 +6,9 @@
.TH PRIV_ADDSET 3C "Jan 28, 2005"
.SH NAME
priv_addset, priv_allocset, priv_copyset, priv_delset, priv_emptyset,
-priv_fillset, priv_freeset, priv_intersect, priv_inverse, priv_isemptyset,
-priv_isequalset, priv_isfullset, priv_ismember, priv_issubset, priv_union \-
+priv_basicset, priv_fillset, priv_freeset, priv_intersect, priv_inverse,
+priv_isemptyset, priv_isequalset, priv_isfullset, priv_ismember,
+priv_issubset, priv_union \-
privilege set manipulation functions
.SH SYNOPSIS
.LP
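Review bot: the .TH line in the context above still reads "Jan 28, 2005" although this change adds a new function to the page; please bump the date so readers can tell the page was revised. Also, in the NAME list priv_basicset is placed after priv_emptyset, which breaks the otherwise alphabetical order (it would sort after priv_allocset); either move it or confirm the list is meant to follow the SYNOPSIS order.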
@@ -39,6 +40,11 @@ privilege set manipulation functions
.LP
.nf
+\fBvoid\fR \fBpriv_basicset\fR(\fBpriv_set_t *\fR\fIsp\fR);
+.fi
+
+.LP
+.nf
\fBvoid\fR \fBpriv_fillset\fR(\fBpriv_set_t *\fR\fIsp\fR);
.fi
@@ -114,6 +120,9 @@ The \fBpriv_delset()\fR function removes the named privilege \fIpriv\fR from
The \fBpriv_emptyset()\fR function clears all privileges from \fIsp\fR.
.sp
.LP
+The \fBpriv_basicset()\fR function copies the basic privilege set to \fIsp\fR.
+.sp
+.LP
The \fBpriv_fillset()\fR function asserts all privileges in \fIsp\fR, including
the privileges not currently defined in the system.
.sp
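Review bot: the new priv_basicset() description uses "the basic privilege set" without defining it or pointing to where it is defined. Suggest adding a reference to privileges(5), which lists the basic privileges, and stating explicitly that the previous contents of sp are replaced rather than merged, since "copies ... to sp" leaves that to inference. Callers building a reduced set will start from this function, so the exact starting contents matter.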
diff --git a/usr/src/man/man5/privileges.5 b/usr/src/man/man5/privileges.5
index 260a768e81..4eac17d831 100644
--- a/usr/src/man/man5/privileges.5
+++ b/usr/src/man/man5/privileges.5
@@ -235,7 +235,9 @@ modify that file's or directory's permission bits or ACL.
.ad
.sp .6
.RS 4n
-Allow a process to read objects in the filesystem.
+Allow a process to open objects in the filesystem for reading. This
+privilege is not necessary to read from an already open file which was opened
+before dropping the \fBPRIV_FILE_READ\fR privilege.
.RE
.sp
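Review bot: the added sentence for PRIV_FILE_READ, "an already open file which was opened before dropping", is redundant and describes the rule only through one sequence of events. If the intent is that the privilege is checked when the object is opened and not on each read, say that directly, for example "The privilege is checked at open time; a file opened while the privilege was held can still be read after the privilege is dropped." That tells a reader designing a privilege-dropping daemon exactly which descriptors must be opened before the drop.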
@@ -275,7 +277,9 @@ Extensions.
.ad
.sp .6
.RS 4n
-Allow a process to modify objects in the filesytem.
+Allow a process to open objects in the filesytem for writing, or otherwise
+modify them. This privilege is not necessary to write to an already open file
+which was opened before dropping the \fBPRIV_FILE_WRITE\fR privilege.
.RE
.sp
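Review bot: the typo "filesytem" from the removed line is carried into the new text on the first added line; please fix it to "filesystem" while this paragraph is being rewritten. In addition, "or otherwise modify them" is open-ended: it would help to name the kinds of operation meant, so that it is clear what is still permitted on an already open descriptor and what is not after PRIV_FILE_WRITE is dropped.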
@@ -354,7 +358,9 @@ Segment.
.ad
.sp .6
.RS 4n
-Allow a process to open a TCP, UDP, SDP, or SCTP network endpoint.
+Allow a process to open a TCP, UDP, SDP, or SCTP network endpoint. This
+privilege is not necessary to communicate using an existing endpoint already
+opened before dropping the \fBPRIV_NET_ACCESS\fR privilege.
.RE
.sp
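Review bot: "an existing endpoint already opened before dropping" says the same thing twice; "an endpoint opened before dropping" is enough. The added text also does not say whether accepting a connection on an endpoint that was already listening counts as communicating on an existing endpoint or as opening a new one. Please state which, because that decides whether a server can drop PRIV_NET_ACCESS after it has set up its listening endpoint.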
@@ -1087,7 +1093,8 @@ x86 platforms.
.sp
.LP
Of the privileges listed above, the privileges \fBPRIV_FILE_LINK_ANY\fR,
-\fBPRIV_PROC_INFO\fR, \fBPRIV_PROC_SESSION\fR, \fBPRIV_PROC_FORK\fR and
+\fBPRIV_PROC_INFO\fR, \fBPRIV_PROC_SESSION\fR, \fBPRIV_PROC_FORK\fR,
+\fBPRIV_FILE_READ\fR, \fBPRIV_FILE_WRITE\fR, \fBPRIV_NET_ACCESS\fR and
\fBPRIV_PROC_EXEC\fR are considered "basic" privileges. These are privileges
that used to be always available to unprivileged processes. By default,
processes still have the basic privileges.
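Review bot: this paragraph now enumerates eight basic privileges by hand while the same change documents priv_basicset() in priv_addset(3C), and nothing here points to it. Suggest adding a sentence referring readers to priv_basicset() as the way to obtain the basic set programmatically, so code does not hard-code this list and drift when it grows again, as it does in this hunk with PRIV_FILE_READ, PRIV_FILE_WRITE and PRIV_NET_ACCESS.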