7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

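--- a/usr/src/uts/common/c2/audit.h
+++ b/usr/src/uts/common/c2/audit.h
@@ -32,20 +32,21 @@
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 
 #include <sys/shm.h>    /* for shmid_ds structure */
 #include <sys/sem.h>    /* for semid_ds structure */
 #include <sys/msg.h>    /* for msqid_ds structure */
 #include <sys/atomic.h> /* using atomics */
+#include <sys/secflags.h>
 
 /*
  * Audit conditions, statements reguarding what's to be done with
  * audit records.  None of the "global state" is returned by an
  * auditconfig -getcond call.  AUC_NOSPACE no longer seems used.
  */
 /* global state */
 #define AUC_UNSET       0       /* on/off hasn't been decided */
 #define AUC_ENABLED     1       /* loaded and enabled */
 /* pseudo state used in libbsm */
@@ -583,24 +584,26 @@
 
 int     audit_success(au_kcontext_t *, struct t_audit_data *, int, cred_t *);
 int     auditme(au_kcontext_t *, struct t_audit_data *, au_state_t);
 void    audit_fixpath(struct audit_path *, int);
 void    audit_ipc(int, int, void *);
 void    audit_ipcget(int, void *);
 void    audit_fdsend(int, struct file *, int);
 void    audit_fdrecv(int, struct file *);
 void    audit_priv(int, const struct priv_set *, int);
 void    audit_setppriv(int, int, const struct priv_set *, const cred_t *);
+void    audit_psecflags(proc_t *, psecflagwhich_t,
+    const secflagdelta_t *);
 void    audit_devpolicy(int, const struct devplcysys *);
 void    audit_update_context(proc_t *, cred_t *);
 void    audit_kssl(int, void *, int);
 void    audit_pf_policy(int, cred_t *, netstack_t *, char *, boolean_t, int,
     pid_t);
 void    audit_sec_attributes(caddr_t *, struct vnode *);
 
 #endif
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _BSM_AUDIT_H */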
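Review bot: The new `audit_psecflags` prototype (new lines 594-595) does not say whether its `proc_t *` names the process whose flags are being changed or the caller, nor whether the `secflagdelta_t` is the change as requested or as applied. For an audit hook on exploit-mitigation flags, that distinction decides what the record can prove. The neighbouring prototypes are equally bare, so this is a documentation point: once checked against the implementation, which is not on this page, add a one-line comment such as `/* proc: target whose secflags change; delta: change as requested */`. The void signature has no result argument, so it is also worth confirming that denied requests produce a record as well as successful ones. Separately, the `#include <sys/secflags.h>` at new line 42 sits with the unconditional includes while the prototype appears to be inside a conditional region closed by the `#endif` at new line 603; if that region is kernel-only, check that the new header is safe for every userland consumer of audit.h.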
    