'\" te
.\" Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
.TH tpd 5 "02 Jan 2014" "SunOS 5.11" "&man5;"
.SH NAME
tpd, TPD \- Trusted Path Domain
.SH DESCRIPTION
.sp
.LP
On immutable zones, certain processes are marked as part of the Trusted Path Domain (TPD). These processes are allowed to perform all restricted options from that processes perspective. The zone looks like an ordinary read-write global or non-global zone.
.sp
.LP
In order to prevent non-TPD process from interfering with TPD processes, TPD processes cannot be trussed by non-TPD processes. TPD-processes terminals and fifos are marked specifically and they cannot be opened by non-TPD processes.
.sp
.LP
The protected TPD processes are not allowed to open to read files, terminals or fifos not protected by the \fBmwac\fR(5) policy. These files can be changed by the untrusted super-user. The content of those files, terminals or fifos cannot be trusted, unless the \fBO_TPDUNSAFE\fR flag is set during \fBopen\fR(2) or when the processes is marked as \fBPRIV_TPD_UNSAFE\fR using \fBsetpflags\fR(2).
.SH SEE ALSO
.sp
.LP
\fBtruss\fR(1), \fBzlogin\fR(1), \fBopen\fR(2), \fBsetpflags\fR(2), \fBmwac\fR(5)