Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap.  Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it


1711 secpolicy_kmdb(const cred_t *scr)
1712 {
1713         return (PRIV_POLICY(scr, PRIV_ALL, B_FALSE, EPERM, NULL));
1714 }
1715 
1716 int
1717 secpolicy_error_inject(const cred_t *scr)
1718 {
1719         return (PRIV_POLICY(scr, PRIV_ALL, B_FALSE, EPERM, NULL));
1720 }
1721 
1722 /*
1723  * Processor sets, cpu configuration, resource pools.
1724  */
1725 int
1726 secpolicy_pset(const cred_t *cr)
1727 {
1728         return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
1729 }
1730 













1731 /*
1732  * Processor set binding.
1733  */
1734 int
1735 secpolicy_pbind(const cred_t *cr)
1736 {
1737         if (PRIV_POLICY_ONLY(cr, PRIV_SYS_RES_CONFIG, B_FALSE))
1738                 return (secpolicy_pset(cr));
1739         return (PRIV_POLICY(cr, PRIV_SYS_RES_BIND, B_FALSE, EPERM, NULL));
1740 }
1741 
1742 int
1743 secpolicy_ponline(const cred_t *cr)
1744 {
1745         return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
1746 }
1747 
1748 int
1749 secpolicy_pool(const cred_t *cr)
1750 {




1711 secpolicy_kmdb(const cred_t *scr)
1712 {
1713         return (PRIV_POLICY(scr, PRIV_ALL, B_FALSE, EPERM, NULL));
1714 }
1715 
1716 int
1717 secpolicy_error_inject(const cred_t *scr)
1718 {
1719         return (PRIV_POLICY(scr, PRIV_ALL, B_FALSE, EPERM, NULL));
1720 }
1721 
1722 /*
1723  * Processor sets, cpu configuration, resource pools.
1724  */
1725 int
1726 secpolicy_pset(const cred_t *cr)
1727 {
1728         return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
1729 }
1730 
1731 /* Process security flags */
1732 int
1733 secpolicy_psecflags(const cred_t *cr, proc_t *tp, proc_t *sp)
1734 {
1735         if (PRIV_POLICY(cr, PRIV_PROC_SECFLAGS, B_FALSE, EPERM, NULL) != 0)
1736                 return (EPERM);
1737 
1738         if (!prochasprocperm(tp, sp, cr))
1739                 return (EPERM);
1740 
1741         return (0);
1742 }
1743 
1744 /*
1745  * Processor set binding.
1746  */
1747 int
1748 secpolicy_pbind(const cred_t *cr)
1749 {
1750         if (PRIV_POLICY_ONLY(cr, PRIV_SYS_RES_CONFIG, B_FALSE))
1751                 return (secpolicy_pset(cr));
1752         return (PRIV_POLICY(cr, PRIV_SYS_RES_BIND, B_FALSE, EPERM, NULL));
1753 }
1754 
1755 int
1756 secpolicy_ponline(const cred_t *cr)
1757 {
1758         return (PRIV_POLICY(cr, PRIV_SYS_RES_CONFIG, B_FALSE, EPERM, NULL));
1759 }
1760 
1761 int
1762 secpolicy_pool(const cred_t *cr)
1763 {