Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/cddl/osnet/sys/sys This id compile time generated f...
details: https://anonhg.NetBSD.org/src/rev/534a8d0b6eca
branches: trunk
changeset: 752584:534a8d0b6eca
user: haad <haad%NetBSD.org@localhost>
date: Mon Mar 01 20:06:37 2010 +0000
description:
This id compile time generated file add it to sys/sys and do not polute
dist dir with it.
diffstat:
external/cddl/osnet/sys/sys/priv_names.h | 681 +++++++++++++++++++++++++++++++
1 files changed, 681 insertions(+), 0 deletions(-)
diffs (truncated from 685 to 300 lines):
diff -r e372beb926ac -r 534a8d0b6eca external/cddl/osnet/sys/sys/priv_names.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/cddl/osnet/sys/sys/priv_names.h Mon Mar 01 20:06:37 2010 +0000
@@ -0,0 +1,681 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Privilege constant definitions. Privileges and privilege sets
+ * are only known by name and should be mapped at runtime.
+ *
+ * THIS FILE WAS GENERATED; DO NOT EDIT
+ */
+
+
+#ifndef _SYS_PRIV_NAMES_H
+#define _SYS_PRIV_NAMES_H
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef __PRIV_CONST_IMPL
+/*
+ * Privilege names
+ */
+/*
+ * Allows a process to request critical events without limitation.
+ * Allows a process to request reliable delivery of all events on
+ * any event queue.
+ */
+#define PRIV_CONTRACT_EVENT ((const char *)"contract_event")
+
+/*
+ * Allows a process to set the service FMRI value of a process
+ * contract template.
+ */
+#define PRIV_CONTRACT_IDENTITY ((const char *)"contract_identity")
+
+/*
+ * Allows a process to observe contract events generated by
+ * contracts created and owned by users other than the process's
+ * effective user ID.
+ * Allows a process to open contract event endpoints belonging to
+ * contracts created and owned by users other than the process's
+ * effective user ID.
+ */
+#define PRIV_CONTRACT_OBSERVER ((const char *)"contract_observer")
+
+/*
+ * Allow a process to access per-CPU hardware performance counters.
+ */
+#define PRIV_CPC_CPU ((const char *)"cpc_cpu")
+
+/*
+ * Allows DTrace kernel-level tracing.
+ */
+#define PRIV_DTRACE_KERNEL ((const char *)"dtrace_kernel")
+
+/*
+ * Allows DTrace process-level tracing.
+ * Allows process-level tracing probes to be placed and enabled in
+ * processes to which the user has permissions.
+ */
+#define PRIV_DTRACE_PROC ((const char *)"dtrace_proc")
+
+/*
+ * Allows DTrace user-level tracing.
+ * Allows use of the syscall and profile DTrace providers to
+ * examine processes to which the user has permissions.
+ */
+#define PRIV_DTRACE_USER ((const char *)"dtrace_user")
+
+/*
+ * Allows a process to change a file's owner user ID.
+ * Allows a process to change a file's group ID to one other than
+ * the process' effective group ID or one of the process'
+ * supplemental group IDs.
+ */
+#define PRIV_FILE_CHOWN ((const char *)"file_chown")
+
+/*
+ * Allows a process to give away its files; a process with this
+ * privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not
+ * in effect.
+ */
+#define PRIV_FILE_CHOWN_SELF ((const char *)"file_chown_self")
+
+/*
+ * Allows a process to execute an executable file whose permission
+ * bits or ACL do not allow the process execute permission.
+ */
+#define PRIV_FILE_DAC_EXECUTE ((const char *)"file_dac_execute")
+
+/*
+ * Allows a process to read a file or directory whose permission
+ * bits or ACL do not allow the process read permission.
+ */
+#define PRIV_FILE_DAC_READ ((const char *)"file_dac_read")
+
+/*
+ * Allows a process to search a directory whose permission bits or
+ * ACL do not allow the process search permission.
+ */
+#define PRIV_FILE_DAC_SEARCH ((const char *)"file_dac_search")
+
+/*
+ * Allows a process to write a file or directory whose permission
+ * bits or ACL do not allow the process write permission.
+ * In order to write files owned by uid 0 in the absence of an
+ * effective uid of 0 ALL privileges are required.
+ */
+#define PRIV_FILE_DAC_WRITE ((const char *)"file_dac_write")
+
+/*
+ * Allows a process to set the sensitivity label of a file or
+ * directory to a sensitivity label that does not dominate the
+ * existing sensitivity label.
+ * This privilege is interpreted only if the system is configured
+ * with Trusted Extensions.
+ */
+#define PRIV_FILE_DOWNGRADE_SL ((const char *)"file_downgrade_sl")
+
+/*
+ * Allows a process to create hardlinks to files owned by a uid
+ * different from the process' effective uid.
+ */
+#define PRIV_FILE_LINK_ANY ((const char *)"file_link_any")
+
+/*
+ * Allows a process which is not the owner of a file or directory
+ * to perform the following operations that are normally permitted
+ * only for the file owner: modify that file's access and
+ * modification times; remove or rename a file or directory whose
+ * parent directory has the ``save text image after execution''
+ * (sticky) bit set; mount a ``namefs'' upon a file; modify
+ * permission bits or ACL except for the set-uid and set-gid
+ * bits.
+ */
+#define PRIV_FILE_OWNER ((const char *)"file_owner")
+
+/*
+ * Allows a process to change the ownership of a file or write to
+ * a file without the set-user-ID and set-group-ID bits being
+ * cleared.
+ * Allows a process to set the set-group-ID bit on a file or
+ * directory whose group is not the process' effective group or
+ * one of the process' supplemental groups.
+ * Allows a process to set the set-user-ID bit on a file with
+ * different ownership in the presence of PRIV_FILE_OWNER.
+ * Additional restrictions apply when creating or modifying a
+ * set-uid 0 file.
+ */
+#define PRIV_FILE_SETID ((const char *)"file_setid")
+
+/*
+ * Allows a process to set the sensitivity label of a file or
+ * directory to a sensitivity label that dominates the existing
+ * sensitivity label.
+ * This privilege is interpreted only if the system is configured
+ * with Trusted Extensions.
+ */
+#define PRIV_FILE_UPGRADE_SL ((const char *)"file_upgrade_sl")
+
+/*
+ * Allows a process to set immutable, nounlink or appendonly
+ * file attributes.
+ */
+#define PRIV_FILE_FLAG_SET ((const char *)"file_flag_set")
+
+/*
+ * Allows a process to make privileged ioctls to graphics devices.
+ * Typically only xserver process needs to have this privilege.
+ * A process with this privilege is also allowed to perform
+ * privileged graphics device mappings.
+ */
+#define PRIV_GRAPHICS_ACCESS ((const char *)"graphics_access")
+
+/*
+ * Allows a process to perform privileged mappings through a
+ * graphics device.
+ */
+#define PRIV_GRAPHICS_MAP ((const char *)"graphics_map")
+
+/*
+ * Allows a process to read a System V IPC
+ * Message Queue, Semaphore Set, or Shared Memory Segment whose
+ * permission bits do not allow the process read permission.
+ * Allows a process to read remote shared memory whose
+ * permission bits do not allow the process read permission.
+ */
+#define PRIV_IPC_DAC_READ ((const char *)"ipc_dac_read")
+
+/*
+ * Allows a process to write a System V IPC
+ * Message Queue, Semaphore Set, or Shared Memory Segment whose
+ * permission bits do not allow the process write permission.
+ * Allows a process to read remote shared memory whose
+ * permission bits do not allow the process write permission.
+ * Additional restrictions apply if the owner of the object has uid 0
+ * and the effective uid of the current process is not 0.
+ */
+#define PRIV_IPC_DAC_WRITE ((const char *)"ipc_dac_write")
+
+/*
+ * Allows a process which is not the owner of a System
+ * V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
+ * remove, change ownership of, or change permission bits of the
+ * Message Queue, Semaphore Set, or Shared Memory Segment.
+ * Additional restrictions apply if the owner of the object has uid 0
+ * and the effective uid of the current process is not 0.
+ */
+#define PRIV_IPC_OWNER ((const char *)"ipc_owner")
+
+/*
+ * Allow a process to bind to a port that is configured as a
+ * multi-level port(MLP) for the process's zone. This privilege
+ * applies to both shared address and zone-specific address MLPs.
+ * See tnzonecfg(4) from the Trusted Extensions manual pages for
+ * information on configuring MLP ports.
+ * This privilege is interpreted only if the system is configured
+ * with Trusted Extensions.
+ */
+#define PRIV_NET_BINDMLP ((const char *)"net_bindmlp")
+
+/*
+ * Allows a process to send and receive ICMP packets.
+ */
+#define PRIV_NET_ICMPACCESS ((const char *)"net_icmpaccess")
+
+/*
+ * Allows a process to set NET_MAC_AWARE process flag by using
+ * setpflags(2). This privilege also allows a process to set
+ * SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
+ * The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
+ * option both allow a local process to communicate with an
+ * unlabeled peer if the local process' label dominates the
+ * peer's default label, or if the local process runs in the
+ * global zone.
+ * This privilege is interpreted only if the system is configured
+ * with Trusted Extensions.
+ */
+#define PRIV_NET_MAC_AWARE ((const char *)"net_mac_aware")
+
+/*
+ * Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
+ * while not requiring them to need PRIV_NET_RAWACCESS.
+ */
+#define PRIV_NET_OBSERVABILITY ((const char *)"net_observability")
+
+/*
+ * Allows a process to bind to a privileged port
+ * number. The privilege port numbers are 1-1023 (the traditional
+ * UNIX privileged ports) as well as those ports marked as
+ * "udp/tcp_extra_priv_ports" with the exception of the ports
+ * reserved for use by NFS.
+ */
+#define PRIV_NET_PRIVADDR ((const char *)"net_privaddr")
+
+/*
+ * Allows a process to have direct access to the network layer.
+ */
+#define PRIV_NET_RAWACCESS ((const char *)"net_rawaccess")
+
+/*
+ * Allows a process to generate audit records.
+ * Allows a process to get its own audit pre-selection information.
+ */
+#define PRIV_PROC_AUDIT ((const char *)"proc_audit")
+
+/*
+ * Allows a process to change its root directory.
+ */
+#define PRIV_PROC_CHROOT ((const char *)"proc_chroot")
+
+/*
+ * Allows a process to use high resolution timers.
+ */
Home |
Main Index |
Thread Index |
Old Index