How to List the Non-Global Zone's Privilege Set

Use the ppriv utility with the -l option and the expression zone to list the zone's privileges.

1. Log into the non-global zone. This example uses a zone named my-zone.

2. At the prompt, type ppriv -l zone to report the set of privileges available in the zone.

   my-zone# ppriv -l zone

   
   

   You will see a display similar to this:

   contract_event contract_observer file_chown file_chown_self file_dac_execute file_dac_read file_dac_search file_dac_write file_link_any file_owner file_setid ipc_dac_read ipc_dac_write ipc_owner net_bindmlp net_icmpaccess net_mac_aware net_privaddr proc_audit proc_chroot proc_exec proc_fork proc_info proc_owner proc_session proc_setid proc_taskid sys_acct sys_admin sys_audit sys_mount sys_nfs sys_resource

   
   

How to List a Non-Global Zone's Privilege Set With Verbose Output

Use the ppriv utility with the -l option, the expression zone, and the -v option to list the zone's privileges.

1. Log into the non-global zone. This example uses a zone named my-zone.

2. At the prompt, type ppriv -l -v zone to report the set of privileges available in the zone, with a description of each privilege.

   my-zone# ppriv -lv zone

   
   

   You will see a display similar to this:

   contract_event Allows a process to request critical events without limitation. Allows a process to request reliable delivery of all events on any event queue. contract_observer Allows a process to observe contract events generated by contracts created and owned by users other than the process's effective user ID. Allows a process to open contract event endpoints belonging to contracts created and owned by users other than the process's effective user ID. file_chown Allows a process to change a file's owner user ID. Allows a process to change a file's group ID to one other than the process' effective group ID or one of the process' supplemental group IDs. file_chown_self Allows a process to give away its files; a process with this privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not in effect. file_dac_execute Allows a process to execute an executable file whose permission bits or ACL do not allow the process execute permission. file_dac_read Allows a process to read a file or directory whose permission bits or ACL do not allow the process read permission. file_dac_search Allows a process to search a directory whose permission bits or ACL do not allow the process search permission. file_dac_write Allows a process to write a file or directory whose permission bits or ACL do not allow the process write permission. In order to write files owned by uid 0 in the absence of an effective uid of 0 ALL privileges are required. file_link_any Allows a process to create hardlinks to files owned by a uid different from the process' effective uid. file_owner Allows a process which is not the owner of a file or directory to perform the following operations that are normally permitted only for the file owner: modify that file's access and modification times; remove or rename a file or directory whose parent directory has the ``save text image after execution'' (sticky) bit set; mount a ``namefs'' upon a file; modify permission bits or ACL except for the set-uid and set-gid bits. file_setid Allows a process to change the ownership of a file or write to a file without the set-user-ID and set-group-ID bits being cleared. Allows a process to set the set-group-ID bit on a file or directory whose group is not the process' effective group or one of the process' supplemental groups. Allows a process to set the set-user-ID bit on a file with different ownership in the presence of PRIV_FILE_OWNER. Additional restrictions apply when creating or modifying a set-uid 0 file. ipc_dac_read Allows a process to read a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment whose permission bits do not allow the process read permission. Allows a process to read remote shared memory whose permission bits do not allow the process read permission. ipc_dac_write Allows a process to write a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment whose permission bits do not allow the process write permission. Allows a process to read remote shared memory whose permission bits do not allow the process write permission. Additional restrictions apply if the owner of the object has uid 0 and the effective uid of the current process is not 0. ipc_owner Allows a process which is not the owner of a System V IPC Message Queue, Semaphore Set, or Shared Memory Segment to remove, change ownership of, or change permission bits of the Message Queue, Semaphore Set, or Shared Memory Segment. Additional restrictions apply if the owner of the object has uid 0 and the effective uid of the current process is not 0. net_bindmlp Allow a process to bind to a port that is configured as a multi-level port(MLP) for the process's zone. This privilege applies to both shared address and zone-specific address MLPs. See tnzonecfg(4) from the Trusted Extensions manual pages for information on configuring MLP ports. This privilege is interpreted only if the system is configured with Trusted Extensions. net_icmpaccess Allows a process to send and receive ICMP packets. net_mac_aware Allows a process to set NET_MAC_AWARE process flag by using setpflags(2). This privilege also allows a process to set SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET). The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket option both allow a local process to communicate with an unlabeled peer if the local process' label dominates the peer's default label, or if the local process runs in the global zone. This privilege is interpreted only if the system is configured with Trusted Extensions. net_privaddr Allows a process to bind to a privileged port number. The privilege port numbers are 1-1023 (the traditional UNIX privileged ports) as well as those ports marked as "udp/tcp_extra_priv_ports" with the exception of the ports reserved for use by NFS. proc_audit Allows a process to generate audit records. Allows a process to get its own audit pre-selection information. proc_chroot Allows a process to change its root directory. proc_exec Allows a process to call execve(). proc_fork Allows a process to call fork1()/forkall()/vfork() proc_info Allows a process to examine the status of processes other than those it can send signals to. Processes which cannot be examined cannot be seen in /proc and appear not to exist. proc_owner Allows a process to send signals to other processes, inspect and modify process state to other processes regardless of ownership. When modifying another process, additional restrictions apply: the effective privilege set of the attaching process must be a superset of the target process' effective, permitted and inheritable sets; the limit set must be a superset of the target's limit set; if the target process has any uid set to 0 all privilege must be asserted unless the effective uid is 0. Allows a process to bind arbitrary processes to CPUs. proc_session Allows a process to send signals or trace processes outside its session. proc_setid Allows a process to set its uids at will. Assuming uid 0 requires all privileges to be asserted. proc_taskid Allows a process to assign a new task ID to the calling process. sys_acct Allows a process to enable and disable and manage accounting through acct(2), getacct(2), putacct(2) and wracct(2). sys_admin Allows a process to perform system administration tasks such as setting node and domain name and specifying nscd and coreadm settings. sys_audit Allows a process to start the (kernel) audit daemon. Allows a process to view and set audit state (audit user ID, audit terminal ID, audit sessions ID, audit pre-selection mask). Allows a process to turn off and on auditing. Allows a process to configure the audit parameters (cache and queue sizes, event to class mappings, policy options). sys_mount Allows filesystem specific administrative procedures, such as filesystem configuration ioctls, quota calls and creation/deletion of snapshots. Allows a process to mount and unmount filesystems which would otherwise be restricted (i.e., most filesystems except namefs). A process performing a mount operation needs to have appropriate access to the device being mounted (read-write for "rw" mounts, read for "ro" mounts). A process performing any of the aforementioned filesystem operations needs to have read/write/owner access to the mount point. Only regular files and directories can serve as mount points for processes which do not have all zone privileges asserted. Unless a process has all zone privileges, the mount(2) system call will force the "nosuid" and "restrict" options, the latter only for autofs mountpoints. Regardless of privileges, a process running in a non-global zone may only control mounts performed from within said zone. Outside the global zone, the "nodevices" option is always forced. sys_nfs Allows a process to perform Sun private NFS specific system calls. Allows a process to bind to ports reserved by NFS: ports 2049 (nfs) and port 4045 (lockd). sys_resource Allows a process to modify the resource limits specified by setrlimit(2) and setrctl(2) without restriction. Allows a process to exceed the per-user maximum number of processes. Allows a process to extend or create files on a filesystem that has less than minfree space in reserve.