Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -140,14 +140,20 @@
<!ELEMENT admin EMPTY>
<!ATTLIST admin user CDATA #REQUIRED
auths CDATA #REQUIRED>
+<!ELEMENT security-flags EMPTY>
+
+<!ATTLIST security-flags default CDATA ""
+ lower CDATA ""
+ upper CDATA "">
+
<!ELEMENT zone (filesystem | inherited-pkg-dir | network | device |
deleted-device | rctl | attr | dataset | package |
patch | dev-perm | tmp_pool | pset |
- mcap | admin)*>
+ mcap | admin | security-flags)*>
<!ATTLIST zone name CDATA #REQUIRED
zonepath CDATA #REQUIRED
autoboot (true | false) #REQUIRED
ip-type CDATA ""