Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/svc/dtd/service_bundle.dtd.1.man.txt
          +++ new/usr/src/cmd/svc/dtd/service_bundle.dtd.1.man.txt
↓ open down ↓ 451 lines elided ↑ open up ↑
 452  452  getdefaultproj(3PROJECT) for the non-root         user specified by the
 453  453  credential or profile specified.        If the user is root, ":default"
 454  454  designates the project        the restarter is running in.
 455  455  
 456  456       resource_pool The resource pool name to launch the method on.
 457  457            ":default" can be used as a token to indicate use of the         pool
 458  458  specified in the project(4) entry given in the         "project" attribute
 459  459  above.  --> <!ELEMENT method_context    ( (method_profile |
 460  460  method_credential)?, method_environment? ) >
 461  461  
 462      -<!ATTLIST method_context      working_directory   CDATA #IMPLIED      project
 463      -               CDATA #IMPLIED      resource_pool       CDATA #IMPLIED >
      462 +<!ATTLIST method_context      security_flags      CDATA #IMPLIED
      463 +     working_directory   CDATA #IMPLIED      project             CDATA #IMPLIED
      464 +     resource_pool       CDATA #IMPLIED >
 464  465  
 465  466  <!-- Restarter delegation, methods, and monitors -->
 466  467  
 467  468  <!--
 468  469    exec_method
 469  470  
 470  471      This element describes one of the methods used by the designated
 471  472      restarter to act on the service instance.  Its interpretation is
 472  473      left to the restarter to which a particular service instance is
 473  474      delegated.  It contains a set of attributes, an optional method
↓ open down ↓ 459 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX