HP-UX Containers (SRP) A.03.00 Administrator's Guide
84
Disallowed
Privilege
Description
Example
CHANGECMPT
Grants a process the ability to change its
compartment.
privrun (1M)
CMPTREAD
Allows a process to open a file or
directory for reading, executing, or
searching, bypassing compartment rules.
CMPTWRITE
Allows a process to write to a file or
directory, bypassing compartment rules.
COMMALLOWED
Allows a process to override compartment
rules in the IPC and network subsystems.
CORESYSATTR
Allows a process to manage system
attributes such as kernel tunables and
system time.
kctune(1M), date(1M)
DLKM
Allows a process to load a kernel module,
change the global search path for DLKM.
kcmodule(1M)
FSS, FSSTHREAD
Allows a process or thread to configure
fair share scheduler.
MKNOD
Allows a process to create character or
block special files.
mknod(1M)
MPCTL
Allows a process to change processor
binding, locality domain binding, or
launch policy of a process.
mpctl(2)
NETADMIN
Allows a process to perform network
administrative operations such as
configuring IP address and routing tables.
Add, delete, update options of
ifconfig(1M), netstat(1M),
route (1M)
NETPROMISCUOUS
Allows a process to configure an interface
to listen in promiscuous mode.
tcpdump
PSET
Allows change to the system pset
configuration.
RDEVOPS
Allows a process to do device specific
administrative operations such as tape or
disk formatting.
REBOOT
Allows a process to perform system reboot.
reboot(1M)
RULESCONFIG
Allows a process to add and modify
compartment rules.
setrules(1M)
SPUCTL
Allows a process to perform certain
administrative operations in the Instant