7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -133,21 +133,22 @@
 %token FS ATTR DEVICE RCTL SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL
 %token IPTYPE HOSTID FS_ALLOWED ALLOWED_ADDRESS
 %token NAME MATCH PRIV LIMIT ACTION VALUE EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET
 %token OPEN_PAREN CLOSE_PAREN COMMA DATASET LIMITPRIV BOOTARGS BRAND PSET PCAP
 %token MCAP NCPUS IMPORTANCE SHARES MAXLWPS MAXSHMMEM MAXSHMIDS MAXMSGIDS
-%token MAXSEMIDS LOCKED SWAP SCHED CLEAR DEFROUTER ADMIN USER AUTHS MAXPROCS
+%token MAXSEMIDS LOCKED SWAP SCHED CLEAR DEFROUTER ADMIN SECFLAGS USER AUTHS MAXPROCS
+%token DEFAULT UPPER LOWER
 
 %type <strval> TOKEN EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET
     property_value OPEN_PAREN CLOSE_PAREN COMMA simple_prop_val
 %type <complex> complex_piece complex_prop_val
 %type <ival> resource_type NET FS DEVICE RCTL ATTR DATASET PSET PCAP MCAP
-    ADMIN
+    ADMIN SECFLAGS
 %type <ival> property_name SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL NAME
     MATCH ZONENAME ZONEPATH AUTOBOOT POOL LIMITPRIV BOOTARGS VALUE PRIV LIMIT
     ACTION BRAND SCHED IPTYPE DEFROUTER HOSTID USER AUTHS FS_ALLOWED
-    ALLOWED_ADDRESS
+    ALLOWED_ADDRESS DEFAULT UPPER LOWER
 %type <cmd> command
 %type <cmd> add_command ADD
 %type <cmd> cancel_command CANCEL
 %type <cmd> commit_command COMMIT
 %type <cmd> create_command CREATE
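Review bot: The new `%token` line that carries `SECFLAGS` runs to 85 columns, while the other `%token` lines in this hunk stay within 80. Moving the overflow down keeps the block consistent: `%token MAXSEMIDS LOCKED SWAP SCHED CLEAR DEFROUTER ADMIN SECFLAGS USER AUTHS` followed by `%token MAXPROCS DEFAULT UPPER LOWER`. A one-line comment above that last line, saying that DEFAULT, UPPER and LOWER are the property names of the secflags resource, would also help, because the names say little on their own.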

@@ -957,10 +958,11 @@
         | DATASET       { $$ = RT_DATASET; }
         | PSET          { $$ = RT_DCPU; }
         | PCAP          { $$ = RT_PCAP; }
         | MCAP          { $$ = RT_MCAP; }
         | ADMIN         { $$ = RT_ADMIN; }
+        | SECFLAGS      { $$ = RT_SECFLAGS; }
 
 property_name: SPECIAL  { $$ = PT_SPECIAL; }
         | RAW           { $$ = PT_RAW; }
         | DIR           { $$ = PT_DIR; }
         | TYPE          { $$ = PT_TYPE; }

@@ -997,10 +999,13 @@
         | SCHED         { $$ = PT_SCHED; }
         | HOSTID        { $$ = PT_HOSTID; }
         | USER          { $$ = PT_USER; }
         | AUTHS         { $$ = PT_AUTHS; }
         | FS_ALLOWED    { $$ = PT_FS_ALLOWED; }
+        | DEFAULT       { $$ = PT_DEFAULT; }
+        | UPPER         { $$ = PT_UPPER; }
+        | LOWER         { $$ = PT_LOWER; }
 
 /*
  * The grammar builds data structures from the bottom up.  Thus various
  * strings are lexed into TOKENs or commands or resource or property values.
  * Below is where the resource and property values are built up into more
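Review bot: `DEFAULT`, `UPPER` and `LOWER` are added to `property_name` as a whole, so the grammar accepts them under any resource type, not only `secflags`. Because these properties select exploit-mitigation flags, the scoping check and the validation of the flag names have to happen in the command handlers, which this hunk does not show; it is worth confirming that an unknown flag name, or a `default` set that falls outside the `lower`/`upper` bounds, is rejected when the zone is configured rather than when it boots. The lexer is also outside the hunk: if it matches these three common words as keywords in every state, a property value such as `default` elsewhere in a zone configuration may stop lexing as a `TOKEN`, so check that existing configurations still parse.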