8.18 allowpriv

• Syntax
  allowpriv net$\mid$boot$\mid$quotaon$\mid$ swapon$\mid$mount $\mid$rawio$\mid$ptrace$\mid$chroot$\mid$unlabel $\mid$memlock$\mid$nice$\mid$resource$\mid$ time$\mid$devcreate$\mid$setattr$\mid$search$\mid$read $\mid$write$\mid$all
• Meaning
  Allow other priviledges.
  1. net
     Allow capability CAP_NET_ADMIN(Such as administrate NIC, route table).
  2. boot
     Allow capabilityCAP_SYS_BOOT. This means allow the usage of reboot system call.
  3. insmod
     Allow capabilityCAP_SYS_MODULE. This means allow to install kernel module.
  4. quotaon
     Allow to quotaon.
  5. swapon
     Allow to swapon.
  6. mount
     Allow to mount device.
  7. rawio
     Allow capability CAP_SYS_RAWIO.This means usage of ioperm, iopl system call and access to /dev/mem.
  8. ptrace
     Allow to use ptrace.
  9. chroot
     Allow to use chroot.
  10. unlabel
      Allow full access to unlabeled files(Files labeled as unlabeled_t).
  11. memlock
      Allow capability CAP_IPC_LOCK. This means to lock memory.
  12. nice
      Allow capability CAP_SYS_NICE. This means process scheduling.
  13. resource
      Allow capability CAP_SYS_RESOURCE. This means usage of rlimit etc.
  14. time
      Allow capability CAP_SYS_TIME. Thie means modify system clock.
  15. devcreate
      Allow to create device files in directory that the domain can write. Without this, a process can not create device file on a directory even it is configured writable.
  16. setattr
      Allow to setattr to files that the domain can s access. Without this setattr permission is granted in w permission.
  17. search
      Allow s permission to all files.
  18. read
      Allow r permission to all files.
  19. write
      Allow w permission to all files.
  20. all