1 <?xml version='1.0'?>
   2 <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
   3 
   4 <!--
   5  Copyright 2015, Richard Lowe.
   6 
   7  CDDL HEADER START
   8 
   9  This file and its contents are supplied under the terms of the
  10  Common Development and Distribution License ("CDDL"), version 1.0.
  11  You may only use this file in accordance with the terms of version
  12  1.0 of the CDDL.
  13 
  14  A full copy of the text of the CDDL should have accompanied this
  15  source.  A copy of the CDDL is also available via the Internet at
  16  http://www.illumos.org/license/CDDL.
  17 
  18  CDDL HEADER END
  19 
  20         NOTE:  This service manifest is not editable; its contents will
  21         be overwritten by package or patch operations, including
  22         operating system upgrade.  Make customizations in a different
  23         file.
  24 -->
  25 
  26 <service_bundle type="manifest" name="process-security">
  27         <service name="system/process-security" type="service" version="1">
  28                 <!-- Initial state of the service is disabled -->
  29                 <create_default_instance enabled="false" />
  30 
  31                 <single_instance />
  32 
  33                 <!-- We don't actually have any methods, but we create a
  34                      default instance so that we show up in svcs -a -->
  35 
  36                 <exec_method type="method" name="start"      exec=":true" timeout_seconds="0"/>
  37                 <exec_method type="method" name="stop" exec=":true" timeout_seconds="30"/>
  38 
  39                 <property_group name='startd' type='framework'>
  40                   <propval name='duration' type='astring' value='transient' />
  41                 </property_group>
  42 
  43                 <property_group name='default' type='application'>
  44                   <propval name='aslr' type='boolean' value='false' />
  45                   <propval name='forbidnullmap' type='boolean' value='false' />
  46                   <propval name='noexecstack' type='boolean' value='false' />
  47 
  48                   <propval name='value_authorization' type='astring'
  49                            value='solaris.smf.value.process-security' />
  50                 </property_group>
  51 
  52                 <property_group name='lower' type='application'>
  53                   <propval name='aslr' type='boolean' value='false' />
  54                   <propval name='forbidnullmap' type='boolean' value='false' />
  55                   <propval name='noexecstack' type='boolean' value='false' />
  56 
  57                   <propval name='value_authorization' type='astring'
  58                            value='solaris.smf.value.process-security' />
  59                 </property_group>
  60 
  61                 <property_group name='upper' type='application'>
  62                   <propval name='aslr' type='boolean' value='true' />
  63                   <propval name='forbidnullmap' type='boolean' value='true' />
  64                   <propval name='noexecstack' type='boolean' value='true' />
  65 
  66                   <propval name='value_authorization' type='astring'
  67                            value='solaris.smf.value.process-security' />
  68                 </property_group>
  69 
  70 
  71 
  72                 <stability value="Unstable" />
  73 
  74                 <template>
  75                         <common_name>
  76                                 <loctext xml:lang='C'>Security Flag Configuration</loctext>
  77                         </common_name>
  78                         <documentation>
  79                                 <manpage title='security-flags' section='5'
  80                                          manpath='/usr/share/man' />
  81                                 <manpage title='psecflags' section='1'
  82                                          manpath='/usr/share/man' />
  83                         </documentation>
  84                 </template>
  85         </service>
  86 </service_bundle>