'\" te
.\"  Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
.TH mwac 5 "2 Jan 2014" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
mwac, MWAC \- Mandatory Write Access Control
.SH DESCRIPTION
.sp
.LP
Mandatory Write Access Control (MWAC) implements a new policy in the Oracle Solaris operating environment, that allows for fine- grained control over the writability of objects on otherwise read-only file systems.
.sp
.LP
In the current instance of the Oracle Solaris operating environment, the kernel implements the MWAC policy for non-global and global zones preventing any overruling of the policy from within the zone.
.sp
.LP
Zones marked as \fBread-only\fR have their root file system write-protected by MWAC. Only the file system objects that are write-listed by the read-only-profile are writable. See \fBzonecfg\fR(1M). Other file system objects are read-only.
.sp
.LP
Creating links to objects that are read-only by virtue of the MWAC-policy is not allowed. 
.sp
.LP
Process with the \fBPRIV_PROC_TPD\fR flag set are exempt from the MWAC-policy. Such process can be created by using Trusted Path login or using the \fB-T\fR or \fB-U\fR option for \fBzlogin\fR.
.SH SEE ALSO
.sp
.LP
\fBln\fR(1), \fBzlogin\fR(1), \fBzoneadm\fR(1M), \fBzonecfg\fR(1M), \fBgetpflags\fR(2), \fBlink\fR(2), \fBpathconf\fR(2), \fBtpd\fR(5)