Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2009 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
Basic Network Privilege
1.2. Name of Document Author/Supplier:
Author: Casper Dik
1.3 Date of This Document:
22 December, 2009
4. Technical Description
I'm sponsoring this fasttrack for myself.
This project proposes one new "basic" privilege.
NET_ACCESS
Allows a process to open a network connection.
The purpose of this privilege is the ability to create a process
confined to the current system.
The NET_ACCESS basic privilege is required for opening any IP endpoint
(socket(), t_open()) except those which already require a different
privilege, e.g., raw sockets.
Note: a "basic" privilege is a privilege which is part of the
default I, P and E privilege set. Basic privileges should never be
removed from I, P and E unless it is known that the specific privilege
is not used in the application.
Requested binding: patch/minor
There is no need to update the socket(3*) and t_open(3nsl) manual pages
as both calls already cater for a permission error.
--- privileges.5 Mon Dec 21 11:46:34 2009
+++ privileges.5.new Mon Dec 21 11:53:27 2009
@@ -180,6 +180,9 @@
remove, change ownership of, or change permission bits of the
Message Queue, Semaphore Set, or Shared Memory Segment.
+ PRIV_NET_ACCESS
+ Allows a process to open a network connection.
+
PRIV_NET_BINDMLP
Allow a process to bind to a port that is configured as a
multi-level port (MLP) for the process's zone. This privilege
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
osnet
6.5. ARC review type: FastTrack
6.6. ARC Exposure: open
