Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/brand/labeled/zone/config.xml
          +++ new/usr/src/lib/brand/labeled/zone/config.xml
↓ open down ↓ 74 lines elided ↑ open up ↑
  75   75          <privilege set="default" name="net_icmpaccess" />
  76   76          <privilege set="default" name="net_mac_aware" />
  77   77          <privilege set="default" name="net_observability" />
  78   78          <privilege set="default" name="net_privaddr" />
  79   79          <privilege set="default" name="net_rawaccess" ip-type="exclusive" />
  80   80          <privilege set="default" name="proc_chroot" />
  81   81          <privilege set="default" name="sys_audit" />
  82   82          <privilege set="default" name="proc_audit" />
  83   83          <privilege set="default" name="proc_lock_memory" />
  84   84          <privilege set="default" name="proc_owner" />
       85 +        <privilege set="default" name="proc_secflags" />
  85   86          <privilege set="default" name="proc_setid" />
  86   87          <privilege set="default" name="proc_taskid" />
  87   88          <privilege set="default" name="sys_acct" />
  88   89          <privilege set="default" name="sys_admin" />
  89   90          <privilege set="default" name="sys_ip_config" ip-type="exclusive" />
  90   91          <privilege set="default" name="sys_iptun_config" ip-type="exclusive" />
  91   92          <privilege set="default" name="sys_mount" />
  92   93          <privilege set="default" name="sys_nfs" />
  93   94          <privilege set="default" name="sys_resource" />
  94   95          <privilege set="default" name="sys_ppp_config" ip-type="exclusive" />
↓ open down ↓ 19 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX