Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 133,153 **** %token FS ATTR DEVICE RCTL SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL %token IPTYPE HOSTID FS_ALLOWED ALLOWED_ADDRESS %token NAME MATCH PRIV LIMIT ACTION VALUE EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET %token OPEN_PAREN CLOSE_PAREN COMMA DATASET LIMITPRIV BOOTARGS BRAND PSET PCAP %token MCAP NCPUS IMPORTANCE SHARES MAXLWPS MAXSHMMEM MAXSHMIDS MAXMSGIDS ! %token MAXSEMIDS LOCKED SWAP SCHED CLEAR DEFROUTER ADMIN USER AUTHS MAXPROCS %type <strval> TOKEN EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET property_value OPEN_PAREN CLOSE_PAREN COMMA simple_prop_val %type <complex> complex_piece complex_prop_val %type <ival> resource_type NET FS DEVICE RCTL ATTR DATASET PSET PCAP MCAP ! ADMIN %type <ival> property_name SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL NAME MATCH ZONENAME ZONEPATH AUTOBOOT POOL LIMITPRIV BOOTARGS VALUE PRIV LIMIT ACTION BRAND SCHED IPTYPE DEFROUTER HOSTID USER AUTHS FS_ALLOWED ! ALLOWED_ADDRESS %type <cmd> command %type <cmd> add_command ADD %type <cmd> cancel_command CANCEL %type <cmd> commit_command COMMIT %type <cmd> create_command CREATE --- 133,154 ---- %token FS ATTR DEVICE RCTL SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL %token IPTYPE HOSTID FS_ALLOWED ALLOWED_ADDRESS %token NAME MATCH PRIV LIMIT ACTION VALUE EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET %token OPEN_PAREN CLOSE_PAREN COMMA DATASET LIMITPRIV BOOTARGS BRAND PSET PCAP %token MCAP NCPUS IMPORTANCE SHARES MAXLWPS MAXSHMMEM MAXSHMIDS MAXMSGIDS ! %token MAXSEMIDS LOCKED SWAP SCHED CLEAR DEFROUTER ADMIN SECFLAGS USER AUTHS MAXPROCS ! %token DEFAULT UPPER LOWER %type <strval> TOKEN EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET property_value OPEN_PAREN CLOSE_PAREN COMMA simple_prop_val %type <complex> complex_piece complex_prop_val %type <ival> resource_type NET FS DEVICE RCTL ATTR DATASET PSET PCAP MCAP ! ADMIN SECFLAGS %type <ival> property_name SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL NAME MATCH ZONENAME ZONEPATH AUTOBOOT POOL LIMITPRIV BOOTARGS VALUE PRIV LIMIT ACTION BRAND SCHED IPTYPE DEFROUTER HOSTID USER AUTHS FS_ALLOWED ! ALLOWED_ADDRESS DEFAULT UPPER LOWER %type <cmd> command %type <cmd> add_command ADD %type <cmd> cancel_command CANCEL %type <cmd> commit_command COMMIT %type <cmd> create_command CREATE
*** 957,966 **** --- 958,968 ---- | DATASET { $$ = RT_DATASET; } | PSET { $$ = RT_DCPU; } | PCAP { $$ = RT_PCAP; } | MCAP { $$ = RT_MCAP; } | ADMIN { $$ = RT_ADMIN; } + | SECFLAGS { $$ = RT_SECFLAGS; } property_name: SPECIAL { $$ = PT_SPECIAL; } | RAW { $$ = PT_RAW; } | DIR { $$ = PT_DIR; } | TYPE { $$ = PT_TYPE; }
*** 997,1006 **** --- 999,1011 ---- | SCHED { $$ = PT_SCHED; } | HOSTID { $$ = PT_HOSTID; } | USER { $$ = PT_USER; } | AUTHS { $$ = PT_AUTHS; } | FS_ALLOWED { $$ = PT_FS_ALLOWED; } + | DEFAULT { $$ = PT_DEFAULT; } + | UPPER { $$ = PT_UPPER; } + | LOWER { $$ = PT_LOWER; } /* * The grammar builds data structures from the bottom up. Thus various * strings are lexed into TOKENs or commands or resource or property values. * Below is where the resource and property values are built up into more