#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)device_policy 1.18 06/07/31 SMI"
#
# Device policy configuration file. When devices are opened the
# additional access controls in this file are enforced.
#
# The format of this file is subject to change without notice.
#
# Entry layout, as used throughout this file (one entry per line):
#   <device>[:<minor>] [read_priv_set=<privs>] [write_priv_set=<privs>]
# read_priv_set names the privileges demanded to open for reading and
# write_priv_set those demanded to open for writing. "none" demands no
# privilege and "all" demands every privilege.
# These checks are additional: a "none" entry adds no privilege check here,
# so access then rests on whatever other controls apply to the device node.
#
# Default open privileges, must be first entry in the file.
#
* read_priv_set=none write_priv_set=none
#
# Kernel memory devices.
#
# Writes to every mm minor demand all privileges. Reads of mm:kmem and
# mm:mem are set to "none", so this file does not restrict who may read
# them; only mm:allkmem demands all privileges for reading.
# NOTE(review): confirm the device nodes' ownership and mode are
# restrictive, since that is presumably the only read barrier for them.
#
mm:allkmem read_priv_set=all write_priv_set=all
mm:kmem read_priv_set=none write_priv_set=all
mm:mem read_priv_set=none write_priv_set=all
sad:admin read_priv_set=sys_config write_priv_set=sys_config
#
# Socket interface access permissions.
#
# ICMP devices demand net_icmpaccess, raw IP devices demand net_rawaccess,
# and the key and IPsec policy devices demand sys_net_config. Any process
# holding one of these privileges can open the matching devices, so grant
# them narrowly.
#
icmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
icmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
ip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
keysock read_priv_set=sys_net_config write_priv_set=sys_net_config
ipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config
ipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config
spdsock read_priv_set=sys_net_config write_priv_set=sys_net_config
#
# Raw network interface access permissions
#
# Only the drivers listed here demand net_rawaccess.
# NOTE(review): a network driver missing from this list presumably falls
# back to the "*" default (none/none); check newly added drivers.
#
dnet read_priv_set=net_rawaccess write_priv_set=net_rawaccess
elxl read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
iprb read_priv_set=net_rawaccess write_priv_set=net_rawaccess
pcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
spwr read_priv_set=net_rawaccess write_priv_set=net_rawaccess
bge read_priv_set=net_rawaccess write_priv_set=net_rawaccess
aggr read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Virtual network interface access permission
#
vni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Disk devices.
#
# md:admin and scsi_vhci:devctl give only write_priv_set.
# NOTE(review): confirm which read privilege set applies when the field is
# omitted (presumably the "*" default above).
#
md:admin write_priv_set=sys_config
fssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
scsi_vhci:devctl write_priv_set=sys_devices
#
# Other devices that require a privilege to open.
#
# random and openeepr restrict opening for writing only (sys_devices and
# all privileges respectively); no read_priv_set is given for either.
#
random write_priv_set=sys_devices
openeepr write_priv_set=all
dld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
aggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
#
# IP Filter
#
# ipf demands sys_net_config; pfil demands net_rawaccess.
#
ipf read_priv_set=sys_net_config write_priv_set=sys_net_config
pfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess