HP-UX Security Containment B.11.23.01 Release Notes
HP-UX Security Containment B.11.23.01 Release Notes
Using DLPI with HP-UX 11i Security Containment
Chapter 110
Using DLPI with HP-UX 11i Security Containment
Data Link Provider Interface (DLPI) is an industry standard definition for message
communications to STREAMS-based network interface drivers. Refer to the DLPI
Programmer’s Guide for more information about the DLPI implementation on HP-UX.
With HP-UX 11i Security Containment Version B.11.23.01, certain DLPI applications require
additional fine-grained privileges when not running with effective uid=0. These types of
applications are described as follows:
• Application that use the HP DLPI RAW mode service must be granted the
PRIV_NETRAWACCESS privilege.
• Applications that access a DLPI device directly (instead of using socket calls) to transmit
or receive IPv4, IPv6, or ARP packets must be granted the PRIV_NETADMIN privilege.
NOTE This does not affect socket applications communicating using IPv4
(AF_INET) or IPv6 (AF_INET6) address families.
• Applications that perform administrative tasks such as resetting hardware statistics
must be granted the PRIV_NETADMIN privilege.
Refer to the HP-UX 11i Security Containment Administrator’s Guide for more information
about using fine-grained privileges.