Print this page
smf: switch to a tri-state for process-security properties true=on,false=off,nil=default

*** 76,95 **** .RE System default security-flags are configured via properties on the \fBsvc:/system/process-security\fR service, which contains a boolean property per-flag in the \fBdefault\fR, \fBlower\fR and \fBupper\fR, property groups. ! For example, to enable ASLR by default you would execute the following ! commands: .sp .in +2 .nf # svccfg -s svc:/system/process-security setprop default/aslr = true .fi .in -2 .sp .P This can be done by any user with the \fBsolaris.smf.value.process-security\fR authorization. .P Since security-flags are strictly inherited, this will not take effect until the system or zone is next booted. --- 76,105 ---- .RE System default security-flags are configured via properties on the \fBsvc:/system/process-security\fR service, which contains a boolean property per-flag in the \fBdefault\fR, \fBlower\fR and \fBupper\fR, property groups. ! The value indicates the setting of the flag, flags with no value take their ! defaults. For example, to enable ASLR by default you would execute the ! following commands: .sp .in +2 .nf # svccfg -s svc:/system/process-security setprop default/aslr = true .fi .in -2 .sp .P + To restore the setting to the defaults you would execute: + .sp + .in +2 + .nf + # svccfg -s svc:/system/process-security delpropvalue default/aslr true + .fi + .in -2 + .sp + .P This can be done by any user with the \fBsolaris.smf.value.process-security\fR authorization. .P Since security-flags are strictly inherited, this will not take effect until the system or zone is next booted.