7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 156           mode      CDATA #REQUIRED          uid       CDATA #REQUIRED          gid
 157           CDATA #REQUIRED          fsid      CDATA #REQUIRED          nodeid
 158           CDATA #REQUIRED          device         CDATA #REQUIRED >
 159 
 160 <!-- cmd token --> <!ELEMENT cmd            (argv*, arge*)> <!ELEMENT argv
 161                (#PCDATA)> <!ELEMENT arge         (#PCDATA)>
 162 
 163 <!-- exec_args token --> <!ELEMENT exec_args     (arg*)> <!ELEMENT arg
 164                (#PCDATA)>
 165 
 166 <!-- exec_env token -->   <!ELEMENT exec_env     (env*)> <!ELEMENT env
 167                (#PCDATA)>
 168 
 169 <!-- arbitrary token --> <!ELEMENT arbitrary     (#PCDATA)> <!ATTLIST
 170 arbitrary           print          CDATA #REQUIRED          type      CDATA
 171 #REQUIRED           count          CDATA #REQUIRED >
 172 
 173 <!-- privilege token --> <!ELEMENT privilege     (#PCDATA)> <!ATTLIST
 174 privilege           set-type  CDATA #REQUIRED >
 175 




 176 <!-- use_of_privilege token -->   <!ELEMENT use_of_privilege  (#PCDATA)>
 177 <!ATTLIST use_of_privilege      result         CDATA #REQUIRED >
 178 
 179 <!-- sensitivity_label token --> <!ELEMENT sensitivity_label    (#PCDATA)>
 180 
 181 <!-- use_of_authorization token      --> <!ELEMENT use_of_authorization
 182      (#PCDATA)>
 183 
 184 <!-- IPC token --> <!ELEMENT IPC            EMPTY> <!ATTLIST IPC
 185           ipc-type  CDATA #REQUIRED          ipc-id         CDATA #REQUIRED >
 186 
 187 <!-- IPC_perm token -->   <!ELEMENT IPC_perm     EMPTY> <!ATTLIST IPC_perm
 188           uid       CDATA #REQUIRED          gid       CDATA #REQUIRED          creator-
 189 uid  CDATA #REQUIRED          creator-gid    CDATA #REQUIRED          mode
 190           CDATA #REQUIRED          seq       CDATA #REQUIRED          key       CDATA
 191 #REQUIRED >
 192 
 193 <!-- ip_address      token --> <!ELEMENT ip_address           (#PCDATA)>
 194 
 195 <!-- ip_port token --> <!-- (NOTE: ip_port is obsolete and is no longer




 156           mode      CDATA #REQUIRED          uid       CDATA #REQUIRED          gid
 157           CDATA #REQUIRED          fsid      CDATA #REQUIRED          nodeid
 158           CDATA #REQUIRED          device         CDATA #REQUIRED >
 159 
 160 <!-- cmd token --> <!ELEMENT cmd            (argv*, arge*)> <!ELEMENT argv
 161                (#PCDATA)> <!ELEMENT arge         (#PCDATA)>
 162 
 163 <!-- exec_args token --> <!ELEMENT exec_args     (arg*)> <!ELEMENT arg
 164                (#PCDATA)>
 165 
 166 <!-- exec_env token -->   <!ELEMENT exec_env     (env*)> <!ELEMENT env
 167                (#PCDATA)>
 168 
 169 <!-- arbitrary token --> <!ELEMENT arbitrary     (#PCDATA)> <!ATTLIST
 170 arbitrary           print          CDATA #REQUIRED          type      CDATA
 171 #REQUIRED           count          CDATA #REQUIRED >
 172 
 173 <!-- privilege token --> <!ELEMENT privilege     (#PCDATA)> <!ATTLIST
 174 privilege           set-type  CDATA #REQUIRED >
 175 
 176 <!-- secflags token -->   <!ELEMENT secflags     (#PCDATA)> <!ATTLIST
 177 secflags       set-type  CDATA #REQUIRED >
 178 
 179 
 180 <!-- use_of_privilege token -->   <!ELEMENT use_of_privilege  (#PCDATA)>
 181 <!ATTLIST use_of_privilege      result         CDATA #REQUIRED >
 182 
 183 <!-- sensitivity_label token --> <!ELEMENT sensitivity_label    (#PCDATA)>
 184 
 185 <!-- use_of_authorization token      --> <!ELEMENT use_of_authorization
 186      (#PCDATA)>
 187 
 188 <!-- IPC token --> <!ELEMENT IPC            EMPTY> <!ATTLIST IPC
 189           ipc-type  CDATA #REQUIRED          ipc-id         CDATA #REQUIRED >
 190 
 191 <!-- IPC_perm token -->   <!ELEMENT IPC_perm     EMPTY> <!ATTLIST IPC_perm
 192           uid       CDATA #REQUIRED          gid       CDATA #REQUIRED          creator-
 193 uid  CDATA #REQUIRED          creator-gid    CDATA #REQUIRED          mode
 194           CDATA #REQUIRED          seq       CDATA #REQUIRED          key       CDATA
 195 #REQUIRED >
 196 
 197 <!-- ip_address      token --> <!ELEMENT ip_address           (#PCDATA)>
 198 
 199 <!-- ip_port token --> <!-- (NOTE: ip_port is obsolete and is no longer
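Review bot: The added `secflags` declaration at new lines 176-177 copies the shape of the `privilege` token, but its comment does not say what `set-type` or the element text carry, which is what anyone parsing the XML audit trail for exploit-mitigation changes needs to know. I would extend the comment to something like `<!-- secflags token: set-type names the flag set, text lists the flags -->`, assuming it does mirror `privilege`. The hunk does not show the record content model, so it is worth confirming that `secflags` is also listed there; otherwise a validating consumer would presumably reject records that carry the token. Minor: new lines 178-179 leave two blank lines after the declaration where every other token is followed by one.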