Process manager abilities

Within the kernel and process manager, control over a process's ability to perform many actions is governed not by the user ID (UID) of the process, but by a set of approximately 70 permissions called process manager (procmgr) abilities.

Because a process's abilities may also be tested by a resource manager that receives a message from the process, abilities can control things outside the domain of the kernel and process manager. To make this capability more useful, the set of 70 or so static abilities may be augmented by additional custom abilities, allowing resource managers to use abilities to control access to whatever they see fit.

Use of abilities allows the privileges afforded a process to be tailored to its needs rather than being all or nothing. The original way to configure abilities (which is still frequently used) is to start up resource managers as root with the full set of abilities. After completing initialization, the process reconfigures its non-root set of abilities, granting privileged abilities it will require and dropping others. It then calls setuid() to switch permanently to non-root and continues with just what it needs for its operation. The use of security policies (described in the next section) provides a simpler and more secure way to configure a process's abilities.

See “Abilities” for a list of abilities.

These are the methods that can be used to configure a process's abilities:

A security policy. For more information, see “Using Security Policies”.
The procmgr_ability() function.

The pidin utility allows you to display abilities information about a process. See the pidin entry in the Utilities Reference.