Solaris SMF, Projects and Security Snippets
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
CDDL HEADER START
The contents of this file are subject to the terms of the
Common Development and Distribution License (the "License").
You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
or http://www.opensolaris.org/os/licensing.
See the License for the specific language governing permissions
and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each
file and include the License file at usr/src/OPENSOLARIS.LICENSE.
If applicable, add the following below this CDDL HEADER, with the
fields enclosed by brackets "[]" replaced with your own identifying
information: Portions Copyright [yyyy] [name of copyright owner]
CDDL HEADER END
-->
<!--
Service description DTD
Most attributes are string values (or an individual string from a
restricted set), but attributes with a specific type requirement are
noted in the comment describing the element.
-->
<!--
XInclude support

Several service bundles may be composed into one document with the
xi:include element. smf(5) tools enforce that every included bundle is
of the same type as the including one.

Security note: href is unconstrained CDATA, so at the DTD level a bundle
may name any local file or remote resource for inclusion. Whether such a
reference is actually resolved is decided by the XInclude processor of
the importing tool, not by this DTD; review the href values of any
manifest or profile you did not author before importing it with
privilege.

The two parameter entities select the manifest or profile flavour of the
property, propval and property_group declarations further down:
manifests must carry type attributes, profiles may omit them. As
declared here the manifest sections are included and the profile
sections are ignored.
-->
<!ENTITY % profile  "IGNORE">
<!ENTITY % manifest "INCLUDE">

<!-- xi:include: exactly one xi:fallback child, used when the referenced
     resource cannot be loaded. -->
<!ELEMENT xi:include ( xi:fallback ) >
<!ATTLIST xi:include
  href      CDATA           #REQUIRED
  parse     ( xml | text )  "xml"
  encoding  CDATA           #IMPLIED
  xmlns:xi  CDATA           #FIXED "http://www.w3.org/2001/XInclude" >

<!-- xi:fallback: arbitrary content substituted when the include fails. -->
<!ELEMENT xi:fallback ANY >
<!ATTLIST xi:fallback
  xmlns:xi  CDATA  #FIXED "http://www.w3.org/2001/XInclude" >
<!--
stability
Attaches an SMI interface stability level to the parent element; see
attributes(5) for what each level means.
Attribute:
value  (required) one of Standard, Stable, Evolving, Unstable, External
       or Obsolete.
-->
<!ELEMENT stability EMPTY >
<!ATTLIST stability
  value  ( Standard | Stable | Evolving | Unstable | External | Obsolete )  #REQUIRED >
<!-- Property value lists -->
<!--
value_node
One value inside any of the typed property value lists.
Attribute:
value  (required) the value itself.
The attribute is plain CDATA: whether the string actually conforms to
the list's declared type (an integer, a v4 address, an FMRI, ...) is
not checked by this DTD and must be enforced by the importing tool.
-->
<!ELEMENT value_node EMPTY >
<!ATTLIST value_node
  value  CDATA  #REQUIRED >

<!--
Typed value lists:
  count_list, integer_list, opaque_list, host_list, hostname_list,
  net_address_list, net_address_v4_list, net_address_v6_list,
  time_list, astring_list, ustring_list, boolean_list, fmri_list,
  uri_list
Each holds one or more value_node children and has no attributes; the
element name is the only record of the intended type.
-->
<!ELEMENT count_list           ( value_node+ ) >
<!ATTLIST count_list >
<!ELEMENT integer_list         ( value_node+ ) >
<!ATTLIST integer_list >
<!ELEMENT opaque_list          ( value_node+ ) >
<!ATTLIST opaque_list >
<!ELEMENT host_list            ( value_node+ ) >
<!ATTLIST host_list >
<!ELEMENT hostname_list        ( value_node+ ) >
<!ATTLIST hostname_list >
<!ELEMENT net_address_list     ( value_node+ ) >
<!ATTLIST net_address_list >
<!ELEMENT net_address_v4_list  ( value_node+ ) >
<!ATTLIST net_address_v4_list >
<!ELEMENT net_address_v6_list  ( value_node+ ) >
<!ATTLIST net_address_v6_list >
<!ELEMENT time_list            ( value_node+ ) >
<!ATTLIST time_list >
<!ELEMENT astring_list         ( value_node+ ) >
<!ATTLIST astring_list >
<!ELEMENT ustring_list         ( value_node+ ) >
<!ATTLIST ustring_list >
<!ELEMENT boolean_list         ( value_node+ ) >
<!ATTLIST boolean_list >
<!ELEMENT fmri_list            ( value_node+ ) >
<!ATTLIST fmri_list >
<!ELEMENT uri_list             ( value_node+ ) >
<!ATTLIST uri_list >
<!-- Properties and property groups -->
<!--
property
A property with one or more values, inside a property group. Its
optional single child is one of the typed value lists and should agree
with the type attribute; the DTD cannot check that agreement.
Attributes:
name      (required) property name.
type      data type. Required in manifests, merely implied in profiles
          (see the %manifest; and %profile; sections).
override  "true" means these values replace whatever the repository
          already holds for the property. An imported bundle can thus
          rewrite configuration already on the system, so review every
          override="true" in a bundle you did not author.
-->
<![%profile;[
<!ELEMENT property
  ( count_list | integer_list | opaque_list | host_list | hostname_list |
    net_address_list | net_address_v4_list | net_address_v6_list |
    time_list | astring_list | ustring_list | boolean_list | fmri_list |
    uri_list )? >
<!ATTLIST property
  name      CDATA  #REQUIRED
  type      ( count | integer | opaque | host | hostname |
              net_address | net_address_v4 | net_address_v6 | time |
              astring | ustring | boolean | fmri | uri )  #IMPLIED
  override  ( true | false )  "false" >
]]>
<![%manifest;[
<!ELEMENT property
  ( count_list | integer_list | opaque_list | host_list | hostname_list |
    net_address_list | net_address_v4_list | net_address_v6_list |
    time_list | astring_list | ustring_list | boolean_list | fmri_list |
    uri_list )? >
<!ATTLIST property
  name      CDATA  #REQUIRED
  type      ( count | integer | opaque | host | hostname |
              net_address | net_address_v4 | net_address_v6 | time |
              astring | ustring | boolean | fmri | uri )  #REQUIRED
  override  ( true | false )  "false" >
]]>

<!--
propval
A single-valued property inside a property group; multi-valued
properties use the property element instead.
Attributes:
name      (required) property name.
type      data type; required in manifests, implied in profiles.
value     (required) the value. Must satisfy the type's restrictions,
          which the DTD (CDATA) does not check.
override  "true" replaces any value already in the repository; see the
          note on the property element.
-->
<![%profile;[
<!ELEMENT propval EMPTY >
<!ATTLIST propval
  name      CDATA  #REQUIRED
  type      ( count | integer | opaque | host | hostname |
              net_address | net_address_v4 | net_address_v6 | time |
              astring | ustring | boolean | fmri | uri )  #IMPLIED
  value     CDATA  #REQUIRED
  override  ( true | false )  "false" >
]]>
<![%manifest;[
<!ELEMENT propval EMPTY >
<!ATTLIST propval
  name      CDATA  #REQUIRED
  type      ( count | integer | opaque | host | hostname |
              net_address | net_address_v4 | net_address_v6 | time |
              astring | ustring | boolean | fmri | uri )  #REQUIRED
  value     CDATA  #REQUIRED
  override  ( true | false )  "false" >
]]>

<!--
property_group
A set of related properties on a service or instance: an optional
stability element followed by any number of propval or property
children.
Attributes:
name    (required) property group name.
type    category. "framework", "implementation" and "template" groups
        are mainly of interest to the service management facility;
        "application" groups matter only to the owning service. Other
        types may be introduced under the service symbol namespace
        conventions. Required in manifests, implied in profiles.
delete  "true" removes the group from the repository if present. Like
        override, this lets a bundle alter existing configuration of
        the target system; treat it with the same scrutiny.
-->
<![%profile;[
<!ELEMENT property_group
  ( stability?, ( propval | property )* ) >
<!ATTLIST property_group
  name    CDATA  #REQUIRED
  type    CDATA  #IMPLIED
  delete  ( true | false )  "false" >
]]>
<![%manifest;[
<!ELEMENT property_group
  ( stability?, ( propval | property )* ) >
<!ATTLIST property_group
  name    CDATA  #REQUIRED
  type    CDATA  #REQUIRED
  delete  ( true | false )  "false" >
]]>
<!--
service_fmri
A reference to a service or service-instance FMRI.
Attribute:
value  (required) the FMRI. Plain CDATA; FMRI syntax is not validated
       by the DTD.
-->
<!ELEMENT service_fmri EMPTY >
<!ATTLIST service_fmri
  value  CDATA  #REQUIRED >
<!-- Dependencies -->
<!--
dependency
A named group of FMRIs the service depends on in some sense; the exact
interpretation belongs to the restarter the instance is delegated to.
Content: zero or more service_fmri children, an optional stability
element and any number of propval or property children.
Attributes:
name        (required) dependency name.
grouping    (required) how the FMRIs combine:
            "require_all"  every FMRI must be online;
            "require_any"  at least one FMRI must be online;
            "exclude_all"  no FMRI may be online or in maintenance;
            "optional_all" satisfied once every FMRI is either online
                           or unable to come online (disabled,
                           misconfigured, or blocked by its own
                           dependencies).
restart_on  (required) which events from the FMRIs restart this service:
            "error"    the dependency restarted because of a hardware
                       fault;
            "restart"  the dependency restarted for any reason, hardware
                       fault included;
            "refresh"  the dependency was refreshed or restarted for any
                       reason;
            "none"     never restart on dependency state changes.
type        (required) dependency kind: "service" for another service,
            "path" for a filesystem path, or another type. Plain CDATA,
            so unknown kinds pass validation.
delete      "true" removes this dependency.
-->
<!ELEMENT dependency
  ( service_fmri*, stability?, ( propval | property )* ) >
<!ATTLIST dependency
  name        CDATA  #REQUIRED
  grouping    ( require_all | require_any | exclude_all | optional_all )  #REQUIRED
  restart_on  ( error | restart | refresh | none )  #REQUIRED
  type        CDATA  #REQUIRED
  delete      ( true | false )  "false" >
<!-- Dependents -->
<!--
dependent
Declares that another service, named by the mandatory service_fmri
child, should depend on the service or instance being defined; a
dependency of the given name is created in that other entity. The
created dependency is always of type "service". Its grouping comes
from the grouping attribute below, which is required (it is not
implied to be "require_all").
Content: one service_fmri, an optional stability element and any
number of propval or property children.
Attributes:
name        (required) name of the dependency property group to create
            in the dependent entity.
grouping    (required) grouping of the created dependency; see the
            grouping attribute of the dependency element.
restart_on  (required) which events from this service restart the
            named service; values as for dependency.
delete      "true" removes this dependent.
override    "true" replaces an existing dependent of the same name.
A dependent element modifies the dependency graph of a service the
bundle does not itself define. Check the target FMRIs of dependents in
any bundle that comes from outside your own build.
-->
<!ELEMENT dependent
  ( service_fmri, stability?, ( propval | property )* ) >
<!ATTLIST dependent
  name        CDATA  #REQUIRED
  grouping    ( require_all | require_any | exclude_all | optional_all )  #REQUIRED
  restart_on  ( error | restart | refresh | none )  #REQUIRED
  delete      ( true | false )  "false"
  override    ( true | false )  "false" >
<!-- Method execution context, security profile, and credential definitions -->
<!--
envvar
One environment variable handed to a method.
Attributes:
name   (required) variable name.
value  (required) variable value.
The DTD restricts neither. The environment is part of what a method
runs with, so review it together with the method's exec string.
-->
<!ELEMENT envvar EMPTY >
<!ATTLIST envvar
  name   CDATA  #REQUIRED
  value  CDATA  #REQUIRED >

<!--
method_environment
The environment for a method: one or more envvar children, no
attributes.
-->
<!ELEMENT method_environment ( envvar+ ) >
<!ATTLIST method_environment >

<!--
method_profile
Selects the exec_attr(5) profile that applies to the method context
being defined.
Attribute:
name  (required) profile name. The effective credentials then come
      from the profile rather than from this bundle, so they are not
      visible here; check the profile on the target system.
-->
<!ELEMENT method_profile EMPTY >
<!ATTLIST method_profile
  name  CDATA  #REQUIRED >

<!--
method_credential
Explicit credentials for the execution method.
Attributes:
user              (required) user ID, numeric or by name.
group             group ID, numeric or by name. Absent or ":default"
                  means the user's group from the passwd database.
supp_groups       supplementary group IDs, separated by commas or
                  spaces. Absent or ":default" means initgroups(3C).
privileges        the privilege set, as a string.
limit_privileges  the limit privilege set, as a string.
All four optional attributes are free CDATA: privilege names are not
validated, and the DTD supplies no default when privileges or
limit_privileges is omitted, so what such a method runs with is
decided by the restarter. Apply least privilege: name the user the
method really needs, and grant individual privileges (ppriv -l -v
lists their names and meanings) only where the exec string cannot do
its job without them.
-->
<!ELEMENT method_credential EMPTY >
<!ATTLIST method_credential
  user              CDATA  #REQUIRED
  group             CDATA  #IMPLIED
  supp_groups       CDATA  #IMPLIED
  privileges        CDATA  #IMPLIED
  limit_privileges  CDATA  #IMPLIED >

<!--
method_context
Credential and resource-management settings for execution methods.
Content: at most one of method_profile or method_credential, then an
optional method_environment.
Attributes:
working_directory  directory the method is launched from. ":default"
                   means the home directory of the user given by the
                   credential or profile.
project            project ID, numeric or by name. ":default" means the
                   project from getdefaultproj(3PROJECT) for a non-root
                   user; for root it means the project the restarter
                   itself runs in.
resource_pool      resource pool to launch the method on. ":default"
                   means the pool named in the project(4) entry for the
                   project above.
-->
<!ELEMENT method_context
  ( ( method_profile | method_credential )?, method_environment? ) >
<!ATTLIST method_context
  working_directory  CDATA  #IMPLIED
  project            CDATA  #IMPLIED
  resource_pool      CDATA  #IMPLIED >
<!-- Restarter delegation, methods, and monitors -->
<!--
exec_method
One of the methods the delegated restarter uses to act on the service
instance; what each method means is up to that restarter. Content: an
optional method_context, an optional stability element (for the
optional properties that may follow) and any propval or property
children.
Attributes:
type             (required) "method" or "monitor".
name             (required) method name, usually one of the defined
                 interfaces of the restarter the instance is delegated
                 to.
exec             (required) the action to take; for svc.startd(1M) a
                 string suitable to pass to exec(2). It runs with the
                 credentials of the effective method context, so
                 importing a bundle effectively grants its author
                 execution as that user. The DTD accepts any CDATA
                 here: review exec strings and their method_context
                 together.
timeout_seconds  (required, integer) seconds to wait for the method;
                 "0" or "-1" means wait forever, which lets a hung
                 method block the instance indefinitely. Prefer a
                 finite bound where the method allows one.
delete           "true" removes this method's property group from the
                 repository if present.
-->
<!ELEMENT exec_method
  ( method_context?, stability?, ( propval | property )* ) >
<!ATTLIST exec_method
  type             ( method | monitor )  #REQUIRED
  name             CDATA                 #REQUIRED
  exec             CDATA                 #REQUIRED
  timeout_seconds  CDATA                 #REQUIRED
  delete           ( true | false )      "false" >

<!--
restarter
Flag element naming, through its single service_fmri child, the
delegated restarter responsible for the enclosing service or instance.
No attributes.
-->
<!ELEMENT restarter ( service_fmri ) >
<!ATTLIST restarter >
<!--
Templates
-->
<!--
doc_link
Ties a documentation resource, identified by URI, to the service of
the enclosing template.
Attributes:
name  (required) label for the resource.
uri   (required) the resource's URI. Unconstrained CDATA, and nothing
      here asks a tool to fetch it; consumers that render templates
      should treat it as a display string rather than a trusted link.
-->
<!ELEMENT doc_link EMPTY >
<!ATTLIST doc_link
  name  CDATA  #REQUIRED
  uri   CDATA  #REQUIRED >

<!--
manpage
Connects the reference manual page to the template's service.
Attributes:
title    (required) manual page title.
section  (required) manual section.
manpath  the MANPATH, as described in man(1), needed to reach the page;
         defaults to ":default".
-->
<!ELEMENT manpage EMPTY >
<!ATTLIST manpage
  title    CDATA  #REQUIRED
  section  CDATA  #REQUIRED
  manpath  CDATA  ":default" >

<!--
documentation
Groups any number of doc_link and manpage references. No attributes.
-->
<!ELEMENT documentation ( doc_link | manpage )* >
<!ATTLIST documentation >
<!--
loctext
Container for one localized string.
Attribute:
xml:lang  (required) locale name in the form accepted by LC_ALL and
          friends; see locale(5).
-->
<!ELEMENT loctext ( #PCDATA ) >
<!ATTLIST loctext
  xml:lang  CDATA  #REQUIRED >

<!--
description
One or more loctext children, each a short (possibly multi-sentence)
localized description of the service. No attributes.
-->
<!ELEMENT description ( loctext+ ) >
<!ATTLIST description >

<!--
common_name
One or more loctext children, each a short well-known name for the
service in its locale. No attributes.
-->
<!ELEMENT common_name ( loctext+ ) >
<!ATTLIST common_name >
<!--
units
Localized text naming the units a numerical property is expressed in.
-->
<!ELEMENT units ( loctext+ ) >
<!ATTLIST units >

<!--
visibility
Advises how a property is typically accessed. This is a presentation
hint, not access control: "hidden" and "readonly" do not restrict who
can read or modify the property, so never rely on visibility to
protect a sensitive value.
Attribute:
value  (required) "hidden" (not shown to the user), "readonly" (shown
       but not modifiable) or "readwrite".
-->
<!ELEMENT visibility EMPTY >
<!ATTLIST visibility
  value  ( hidden | readonly | readwrite )  #REQUIRED >

<!--
value
One legal value of a property, optionally with a human-readable name
and description.
Attribute:
name  (required) the value as a string.
-->
<!ELEMENT value ( common_name?, description? ) >
<!ATTLIST value
  name  CDATA  #REQUIRED >

<!--
values
Human-readable names and descriptions for the valid values of a
property.
-->
<!ELEMENT values ( value+ ) >
<!ATTLIST values >

<!--
cardinality
Bounds the number of values a property may hold.
Attributes:
min  lower bound; defaults to "0".
max  upper bound; defaults to 18446744073709551615 (2^64 minus 1, in
     effect unlimited).
Both are plain CDATA: the DTD neither checks that they are numbers nor
that min does not exceed max.
-->
<!ELEMENT cardinality EMPTY >
<!ATTLIST cardinality
  min  CDATA  "0"
  max  CDATA  "18446744073709551615" >

<!--
internal_separators
The separator characters used inside a single property value when
several values are packed into it instead of using a multi-valued
property.
-->
<!ELEMENT internal_separators ( #PCDATA ) >
<!ATTLIST internal_separators >
<!--
range
An inclusive range of integer values.
Attributes:
min  (required) lower bound, inclusive.
max  (required) upper bound, inclusive.
Both are CDATA; numeric form and ordering are not validated here.
-->
<!ELEMENT range EMPTY >
<!ATTLIST range
  min  CDATA  #REQUIRED
  max  CDATA  #REQUIRED >

<!--
constraints
The set of values a property may take on: explicit values followed by
ranges.
-->
<!ELEMENT constraints ( value*, range* ) >
<!ATTLIST constraints >

<!--
include_values
Pulls an entire set of values into a choices block.
Attribute:
type  (required) "constraints" to include everything the property's
      constraints allow, or "values" to include every value that has a
      human-readable name and description.
-->
<!ELEMENT include_values EMPTY >
<!ATTLIST include_values
  type  ( constraints | values )  #REQUIRED >

<!--
choices
A manageable set of common choices for a property, for presentation in
a user interface when the full set is unbounded or inconveniently
large: explicit values, then ranges, then include_values references.
-->
<!ELEMENT choices ( value*, range*, include_values* ) >
<!ATTLIST choices >
<!--
prop_pattern
Describes one property of the enclosing property group pattern.
Content, all optional and in this order: common_name, description,
units, visibility, cardinality, internal_separators, values,
constraints, choices.
Attributes:
name      (required) property name.
type      property type. May be omitted only when required is false,
          but the DTD cannot express that coupling (type is simply
          implied), so a required property without a type still passes
          DTD validation and must be caught by the importing tool.
required  "true" means the property must exist whenever the property
          group does.
-->
<!ELEMENT prop_pattern
  ( common_name?, description?, units?, visibility?, cardinality?,
    internal_separators?, values?, constraints?, choices? ) >
<!ATTLIST prop_pattern
  name      CDATA  #REQUIRED
  type      ( count | integer | opaque | host | hostname |
              net_address | net_address_v4 | net_address_v6 | time |
              astring | ustring | boolean | fmri | uri )  #IMPLIED
  required  ( true | false )  "false" >

<!--
pg_pattern
Describes one property group; the target attribute decides which
entities the description applies to.
Attributes:
name      property group name. Empty (the default) matches every group
          of the given type.
type      property group type. Empty (the default) matches every group
          of the given name.
required  "true" if the property group must be present.
target    scope of the pattern:
          "this"      (default) the defining service or instance;
          "instance"  every instance of the service; only valid in a
                      service's template block;
          "delegate"  reserved for restarters: every service that uses
                      this restarter;
          "all"       reserved for framework use: every service on the
                      system.
          The reservations on "delegate" and "all" are convention only;
          the enumeration accepts them from any bundle, so question a
          non-framework manifest that uses them.
-->
<!ELEMENT pg_pattern ( common_name?, description?, prop_pattern* ) >
<!ATTLIST pg_pattern
  name      CDATA  ""
  type      CDATA  ""
  required  ( true | false )  "false"
  target    ( this | instance | delegate | all )  "this" >

<!--
template
Metadata about the service: a required common_name (keep it under 60
characters in a single-byte locale), an optional longer description,
optional documentation links (manual pages or external URIs) and any
number of property group patterns. No attributes.
-->
<!ELEMENT template ( common_name, description?, documentation?, pg_pattern* ) >
<!ATTLIST template >
<!-- Notification Parameters -->
<!--
paramval
A single-valued notification parameter.
Attributes:
name   (required) parameter name.
value  (required) its value.
-->
<!ELEMENT paramval EMPTY >
<!ATTLIST paramval
  name   CDATA  #REQUIRED
  value  CDATA  #REQUIRED >

<!--
parameter
A multi-valued notification parameter: zero or more value_node
children.
Attribute:
name  (required) parameter name.
-->
<!ELEMENT parameter ( value_node* ) >
<!ATTLIST parameter
  name  CDATA  #REQUIRED >

<!--
event
Names the event the enclosing notification_parameters element applies
to.
Attribute:
value  (required) the event.
-->
<!ELEMENT event EMPTY >
<!ATTLIST event
  value  CDATA  #REQUIRED >

<!--
type
One notification type with its parameters: any mix of parameter and
paramval children. Unrelated to the "type" attributes carried by
property, service and other elements.
Attributes:
name    (required) the notification type's name.
active  whether this type is enabled; defaults to "true".
-->
<!ELEMENT type ( ( parameter | paramval )* ) >
<!ATTLIST type
  name    CDATA             #REQUIRED
  active  ( true | false )  "true" >

<!--
notification_parameters
Notification settings for Software Events and Fault Management problem
lifecycle events: one event followed by one or more type elements.
-->
<!ELEMENT notification_parameters ( event, type+ ) >
<!ATTLIST notification_parameters >
<!-- Services and instances -->
<!--
create_default_instance
Flag element: create an otherwise empty instance named "default" of
this service at install time, with the given enabled state.
Attribute:
enabled  (required, boolean) initial enabled state. An instance is the
         component that runs on the system if enabled, so a manifest
         declaring enabled="true" here is asking for the service to run
         as soon as it is installed; confirm that is intended for
         manifests you did not write.
-->
<!ELEMENT create_default_instance EMPTY >
<!ATTLIST create_default_instance
  enabled  ( true | false )  #REQUIRED >

<!--
single_instance
Flag element: the service may have only one instance on a given
system. No attributes.
-->
<!ELEMENT single_instance EMPTY >
<!ATTLIST single_instance >

<!--
instance
A service instance: the object representing a software component that
runs on the system if enabled. Content, in order: optional restarter,
dependencies, dependents, optional method context, methods,
notification parameters, property groups and an optional template.
If no restarter is given, the master restarter svc.startd(1M) is
assumed.
Attributes:
name     (required) canonical instance name.
enabled  (required, boolean) initial enabled state; see the note on
         create_default_instance.
-->
<!ELEMENT instance
  ( restarter?, dependency*, dependent*, method_context?,
    exec_method*, notification_parameters*, property_group*,
    template? ) >
<!ATTLIST instance
  name     CDATA             #REQUIRED
  enabled  ( true | false )  #REQUIRED >
<!--
service
A service: its default instances, an optional method execution
context, any default methods, the template, and restrictions or advice
that apply at installation.
Note: method_context and template are documented as required for
service_bundle documents of type "manifest" and optional for "profile"
or "archive", but the content model below makes both optional in every
case, so a manifest lacking them still passes DTD validation.
Attributes:
name     (required) canonical service name.
version  (required, integer) service version.
type     (required) "service" for a simple service, "restarter" for a
         delegated restarter, or "milestone" for a synthetic service
         that collects a group of dependencies.
-->
<!ELEMENT service
  ( create_default_instance?, single_instance?, restarter?,
    dependency*, dependent*, method_context?, exec_method*,
    notification_parameters*, property_group*, instance*,
    stability?, template? ) >
<!ATTLIST service
  name     CDATA  #REQUIRED
  version  CDATA  #REQUIRED
  type     ( service | restarter | milestone )  #REQUIRED >
<!--
service_bundle
The document root. It contains either nested service_bundle elements,
service elements, or xi:include elements.
Attributes:
type  (required) how the framework is to understand the file (or that
      it is used in a non-framework way). The standard types are
      "archive", "manifest" and "profile", but the attribute is plain
      CDATA, so the DTD accepts any string here.
name  (required) bundle name. Manifests should be named after the
      package that delivers them; profiles after the feature set
      nickname they enable.
-->
<!ELEMENT service_bundle ( service_bundle* | service* | xi:include* ) >
<!ATTLIST service_bundle
  type  CDATA  #REQUIRED
  name  CDATA  #REQUIRED >
# ppriv -l -v
contract_event
Allows a process to request critical events without limitation.
Allows a process to request reliable delivery of all events on
any event queue.
contract_identity
Allows a process to set the service FMRI value of a process
contract template.
contract_observer
Allows a process to observe contract events generated by
contracts created and owned by users other than the process's
effective user ID.
Allows a process to open contract event endpoints belonging to
contracts created and owned by users other than the process's
effective user ID.
cpc_cpu
Allows a process to access per-CPU hardware performance counters.
dtrace_kernel
Allows DTrace kernel-level tracing.
dtrace_proc
Allows DTrace process-level tracing.
Allows process-level tracing probes to be placed and enabled in
processes to which the user has permissions.
dtrace_user
Allows DTrace user-level tracing.
Allows use of the syscall and profile DTrace providers to
examine processes to which the user has permissions.
file_chown
Allows a process to change a file's owner user ID.
Allows a process to change a file's group ID to one other than
the process' effective group ID or one of the process'
supplemental group IDs.
file_chown_self
Allows a process to give away its files; a process with this
privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not
in effect.
file_dac_execute
Allows a process to execute an executable file whose permission
bits or ACL do not allow the process execute permission.
file_dac_read
Allows a process to read a file or directory whose permission
bits or ACL do not allow the process read permission.
file_dac_search
Allows a process to search a directory whose permission bits or
ACL do not allow the process search permission.
file_dac_write
Allows a process to write a file or directory whose permission
bits or ACL do not allow the process write permission.
In order to write files owned by uid 0 in the absence of an
effective uid of 0 ALL privileges are required.
file_downgrade_sl
Allows a process to set the sensitivity label of a file or
directory to a sensitivity label that does not dominate the
existing sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
file_flag_set
Allows a process to set immutable, nounlink or appendonly
file attributes.
file_link_any
Allows a process to create hardlinks to files owned by a uid
different from the process' effective uid.
file_owner
Allows a process which is not the owner of a file or directory
to perform the following operations that are normally permitted
only for the file owner: modify that file's access and
modification times; remove or rename a file or directory whose
parent directory has the ``save text image after execution''
(sticky) bit set; mount a ``namefs'' upon a file; modify
permission bits or ACL except for the set-uid and set-gid
bits.
file_read
Allows a process to read objects in the filesystem.
file_setid
Allows a process to change the ownership of a file or write to
a file without the set-user-ID and set-group-ID bits being
cleared.
Allows a process to set the set-group-ID bit on a file or
directory whose group is not the process' effective group or
one of the process' supplemental groups.
Allows a process to set the set-user-ID bit on a file with
different ownership in the presence of PRIV_FILE_OWNER.
Additional restrictions apply when creating or modifying a
set-uid 0 file.
file_upgrade_sl
Allows a process to set the sensitivity label of a file or
directory to a sensitivity label that dominates the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
file_write
Allows a process to modify objects in the filesystem.
graphics_access
Allows a process to make privileged ioctls to graphics devices.
Typically only xserver process needs to have this privilege.
A process with this privilege is also allowed to perform
privileged graphics device mappings.
graphics_map
Allows a process to perform privileged mappings through a
graphics device.
ipc_dac_read
Allows a process to read a System V IPC
Message Queue, Semaphore Set, or Shared Memory Segment whose
permission bits do not allow the process read permission.
Allows a process to read remote shared memory whose
permission bits do not allow the process read permission.
ipc_dac_write
Allows a process to write a System V IPC
Message Queue, Semaphore Set, or Shared Memory Segment whose
permission bits do not allow the process write permission.
Allows a process to read remote shared memory whose
permission bits do not allow the process write permission.
Additional restrictions apply if the owner of the object has uid 0
and the effective uid of the current process is not 0.
ipc_owner
Allows a process which is not the owner of a System
V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
remove, change ownership of, or change permission bits of the
Message Queue, Semaphore Set, or Shared Memory Segment.
Additional restrictions apply if the owner of the object has uid 0
and the effective uid of the current process is not 0.
net_access
Allows a process to open a TCP, UDP, SDP or SCTP network endpoint.
net_bindmlp
Allows a process to bind to a port that is configured as a
multi-level port (MLP) for the process's zone. This privilege
applies to both shared address and zone-specific address MLPs.
See tnzonecfg(4) from the Trusted Extensions manual pages for
information on configuring MLP ports.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
net_icmpaccess
Allows a process to send and receive ICMP packets.
net_mac_aware
Allows a process to set NET_MAC_AWARE process flag by using
setpflags(2). This privilege also allows a process to set
SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
option both allow a local process to communicate with an
unlabeled peer if the local process' label dominates the
peer's default label, or if the local process runs in the
global zone.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
net_mac_implicit
Allows a process to set SO_MAC_IMPLICIT option by using
setsockopt(3SOCKET). This allows a privileged process to
transmit implicitly-labeled packets to a peer.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
net_observability
Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
while not requiring them to need PRIV_NET_RAWACCESS.
net_privaddr
Allows a process to bind to a privileged port
number. The privileged port numbers are 1-1023 (the traditional
UNIX privileged ports) as well as those ports marked as
"udp/tcp_extra_priv_ports", with the exception of the ports
reserved for use by NFS.
net_rawaccess
Allows a process to have direct access to the network layer.
proc_audit
Allows a process to generate audit records.
Allows a process to get its own audit pre-selection information.
proc_chroot
Allows a process to change its root directory.
proc_clock_highres
Allows a process to use high resolution timers.
proc_exec
Allows a process to call execve().
proc_fork
Allows a process to call fork1()/forkall()/vfork().
proc_info
Allows a process to examine the status of processes other
than those it can send signals to. Processes which cannot
be examined cannot be seen in /proc and appear not to exist.
proc_lock_memory
Allows a process to lock pages in physical memory.
proc_meminfo
Allows a process to access physical memory information.
proc_owner
Allows a process to send signals to other processes, inspect
and modify process state to other processes regardless of
ownership. When modifying another process, additional
restrictions apply: the effective privilege set of the
attaching process must be a superset of the target process'
effective, permitted and inheritable sets; the limit set must
be a superset of the target's limit set; if the target process
has any uid set to 0 all privilege must be asserted unless the
effective uid is 0.
Allows a process to bind arbitrary processes to CPUs.
proc_prioup
Allows a process to elevate its priority above its current level.
proc_priocntl
Allows all that PRIV_PROC_PRIOUP allows.
Allows a process to change its scheduling class to any scheduling class,
including the RT class.
proc_secflags
proc_session
Allows a process to send signals or trace processes outside its
session.
proc_setid
Allows a process to set its uids at will.
Assuming uid 0 requires all privileges to be asserted.
proc_taskid
Allows a process to assign a new task ID to the calling process.
proc_zone
Allows a process to trace or send signals to processes in
other zones.
sys_acct
Allows a process to enable and disable and manage accounting through
acct(2), getacct(2), putacct(2) and wracct(2).
sys_admin
Allows a process to perform system administration tasks such
as setting node and domain name and specifying nscd and coreadm
settings.
sys_audit
Allows a process to start the (kernel) audit daemon.
Allows a process to view and set audit state (audit user ID,
audit terminal ID, audit sessions ID, audit pre-selection mask).
Allows a process to turn off and on auditing.
Allows a process to configure the audit parameters (cache and
queue sizes, event to class mappings, policy options).
sys_config
Allows a process to perform various system configuration tasks.
Allows a process to add and remove swap devices; when adding a swap
device, a process must also have sufficient privileges to read from
and write to the swap device.
sys_devices
Allows a process to successfully call a kernel module that
calls the kernel drv_priv(9F) function to check for allowed
access.
Allows a process to open the real console device directly.
Allows a process to open devices that have been exclusively opened.
sys_ipc_config
Allows a process to increase the size of a System V IPC Message
Queue buffer.
sys_linkdir
Allows a process to unlink and link directories.
sys_mount
Allows filesystem specific administrative procedures, such as
filesystem configuration ioctls, quota calls and creation/deletion
of snapshots.
Allows a process to mount and unmount filesystems which would
otherwise be restricted (i.e., most filesystems except
namefs).
A process performing a mount operation needs to have
appropriate access to the device being mounted (read-write for
"rw" mounts, read for "ro" mounts).
A process performing any of the aforementioned
filesystem operations needs to have read/write/owner
access to the mount point.
Only regular files and directories can serve as mount points
for processes which do not have all zone privileges asserted.
Unless a process has all zone privileges, the mount(2)
system call will force the "nosuid" and "restrict" options, the
latter only for autofs mountpoints.
Regardless of privileges, a process running in a non-global zone may
only control mounts performed from within said zone.
Outside the global zone, the "nodevices" option is always forced.
sys_iptun_config
Allows a process to configure IP tunnel links.
sys_dl_config
Allows a process to configure all classes of datalinks, including
configuration allowed by PRIV_SYS_IPTUN_CONFIG.
sys_ip_config
Allows a process to configure a system's IP interfaces and routes.
Allows a process to configure network parameters using ndd.
Allows a process access to otherwise restricted information using ndd.
Allows a process to configure IPsec.
Allows a process to pop anchored STREAMs modules with matching zoneid.
sys_net_config
Allows all that PRIV_SYS_IP_CONFIG, PRIV_SYS_DL_CONFIG, and
PRIV_SYS_PPP_CONFIG allow.
Allows a process to push the rpcmod STREAMs module.
Allows a process to INSERT/REMOVE STREAMs modules on locations other
than the top of the module stack.
sys_nfs
Allows a process to perform Sun private NFS specific system calls.
Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
and port 4045 (lockd).
sys_ppp_config
Allows a process to create and destroy PPP (sppp) interfaces.
Allows a process to configure PPP tunnels (sppptun).
sys_res_bind
Allows a process to bind processes to processor sets.
sys_res_config
Allows all that PRIV_SYS_RES_BIND allows.
Allows a process to create and delete processor sets, assign
CPUs to processor sets and override the PSET_NOESCAPE property.
Allows a process to change the operational status of CPUs in
the system using p_online(2).
Allows a process to configure resource pools and to bind
processes to pools.
sys_resource
Allows a process to modify the resource limits specified
by setrlimit(2) and setrctl(2) without restriction.
Allows a process to exceed the per-user maximum number of
processes.
Allows a process to extend or create files on a filesystem that
has less than minfree space in reserve.
sys_smb
Allows a process to access the Sun private SMB kernel module.
Allows a process to bind to ports reserved by NetBIOS and SMB:
ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS
Session Service and SMB-over-NBT) and 445 (SMB-over-TCP).
sys_suser_compat
Allows a process to successfully call a third party loadable module
that calls the kernel suser() function to check for allowed access.
This privilege exists only for third party loadable module
compatibility and is not used by Solaris proper.
sys_time
Allows a process to manipulate system time using any of the
appropriate system calls: stime, adjtime, ntp_adjtime and
the IA specific RTC calls.
sys_trans_label
Allows a process to translate labels that are not dominated
by the process' sensitivity label to and from an external
string form.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
virt_manage
Allows a process to manage virtualized environments such as
xVM(5).
win_colormap
Allows a process to override colormap restrictions.
Allows a process to install or remove colormaps.
Allows a process to retrieve colormap cell entries allocated
by other processes.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_config
Allows a process to configure or destroy resources that are
permanently retained by the X server.
Allows a process to use SetScreenSaver to set the screen
saver timeout value.
Allows a process to use ChangeHosts to modify the display
access control list.
Allows a process to use GrabServer.
Allows a process to use the SetCloseDownMode request which
may retain window, pixmap, colormap, property, cursor, font,
or graphic context resources.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_dac_read
Allows a process to read from a window resource that it does
not own (has a different user ID).
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_dac_write
Allows a process to write to or create a window resource that
it does not own (has a different user ID). A newly created
window property is created with the window's user ID.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_devices
Allows a process to perform operations on window input devices.
Allows a process to get and set keyboard and pointer controls.
Allows a process to modify pointer button and key mappings.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_dga
Allows a process to use the direct graphics access (DGA) X protocol
extensions. Direct process access to the frame buffer is still
required. Thus the process must have MAC and DAC privileges that
allow access to the frame buffer, or the frame buffer must be
allocated to the process.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_downgrade_sl
Allows a process to set the sensitivity label of a window resource
to a sensitivity label that does not dominate the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_fontpath
Allows a process to set a font path.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_mac_read
Allows a process to read from a window resource whose sensitivity
label is not equal to the process sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_mac_write
Allows a process to create a window resource whose sensitivity
label is not equal to the process sensitivity label.
A newly created window property is created with the window's
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_selection
Allows a process to request inter-window data moves without the
intervention of the selection confirmer.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
win_upgrade_sl
Allows a process to set the sensitivity label of a window
resource to a sensitivity label that dominates the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
xvm_control
Allows a process access to the xVM(5) control devices for
managing guest domains and the hypervisor. This privilege is
used only if booted into xVM on x86 platforms.
/*
* CC=/opt/gcc-5.1.0/bin gcc -m64 -o getdefaultproj -Wall -lproject getdefaultproj.c
*/
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <project.h>
struct project proj;  /* filled in by getdefaultproj(); main() prints its pj_name */
void * buf;           /* PROJECT_BUFSZ-byte scratch buffer handed to getdefaultproj() */
char *user;           /* user name to look up: argv[1], or "root" when none is given */
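/*
 * Print the default project of a user.
 *
 * The user name is taken from argv[1]; when no argument is given, or the
 * argument is the empty string, "root" is looked up instead.  The project
 * name is written to stdout.
 *
 * Exit status: 0 when the project name was printed, 1 when the lookup
 * buffer could not be allocated or getdefaultproj() failed (the user does
 * not exist or no default project could be resolved).  The original
 * version returned 0 on lookup failure and wrote the diagnostic to stdout,
 * which made the failure invisible to calling scripts.
 */
int main(int argc, char **argv) {
    if ((argc > 1) && (strcmp(argv[1], "") != 0)) {
        user = argv[1];
    } else {
        user = "root";
    }

    buf = malloc(PROJECT_BUFSZ);
    if (buf == NULL) {
        perror("malloc");
        return 1;
    }

    if (getdefaultproj(user, &proj, buf, PROJECT_BUFSZ) == NULL) {
        /* Diagnostics go to stderr so stdout carries only a project name. */
        fprintf(stderr, "User does not exist or failed to get default project!\n");
        free(buf);
        return 1;
    }

    printf("%s\n", proj.pj_name);
    /* buf was handed to getdefaultproj() as the storage for proj; release it
     * only after pj_name has been used. */
    free(buf);
    return 0;
}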