il_7029-1-2 Sdiff usr/src/man/man5/security-flags.5

Print this page

Code review comments from jeffpc

   1 .\"
   2 .\" This file and its contents are supplied under the terms of the
   3 .\" Common Development and Distribution License ("CDDL"), version 1.0.
   4 .\" You may only use this file in accordance with the terms of version
   5 .\" 1.0 of the CDDL.
   6 .\"
   7 .\" A full copy of the text of the CDDL should have accompanied this
   8 .\" source.  A copy of the CDDL is also available via the Internet at
   9 .\" http://www.illumos.org/license/CDDL.
  10 .\"
  11 .\" Copyright 2015, Richard Lowe.
  12 .\"
  13 .TH "SECURITY-FLAGS" "5" "May 5, 2014"
  14 .SH "NAME"
  15 \fBsecurity-flags\fR - process security flags
  16 .SH "DESCRIPTION"
  17 Each process on an illumos system has an associated set of security-flags
  18 which describe additional per-process security and exploit mitigation
  19 features which are enabled for that process.
  20 .P
  21 There are four sets of these flags for each process, the effective set
  22 (abbreviated \fIE\fR) are the set which currently apply to the process and are
  23 immutable. The inheritable set (abbreviated \fII\fR) are the flags which will
  24 become effective the next time the process calls one of the \fBexec(2)\fR
  25 family of functions, and will be inherited as both the effective and
  26 inheritable sets by any child processes. The upper set (abbreviated \fIU\fR)
  27 specify the maximal flags that a process can have in its inheritable set.  The
  28 lower set (abbreviated \fIL\fR) specify the minimal amount of flags that a
  29 process must have in its inheritable set.  The inheritable set may be changed
  30 at any time, subject to permissions and the lower and upper sets.
  31 .P
  32 To change the security-flags of a process one must have both permissions
  33 equivalent to those required to send a signal to the process and have the

   1 .\"
   2 .\" This file and its contents are supplied under the terms of the
   3 .\" Common Development and Distribution License ("CDDL"), version 1.0.
   4 .\" You may only use this file in accordance with the terms of version
   5 .\" 1.0 of the CDDL.
   6 .\"
   7 .\" A full copy of the text of the CDDL should have accompanied this
   8 .\" source.  A copy of the CDDL is also available via the Internet at
   9 .\" http://www.illumos.org/license/CDDL.
  10 .\"
  11 .\" Copyright 2015, Richard Lowe.
  12 .\"
  13 .TH "SECURITY-FLAGS" "5" "June 6, 2016"
  14 .SH "NAME"
  15 \fBsecurity-flags\fR - process security flags
  16 .SH "DESCRIPTION"
  17 Each process on an illumos system has an associated set of security-flags
  18 which describe additional per-process security and exploit mitigation
  19 features which are enabled for that process.
  20 .P
  21 There are four sets of these flags for each process, the effective set
  22 (abbreviated \fIE\fR) are the set which currently apply to the process and are
  23 immutable. The inheritable set (abbreviated \fII\fR) are the flags which will
  24 become effective the next time the process calls one of the \fBexec(2)\fR
  25 family of functions, and will be inherited as both the effective and
  26 inheritable sets by any child processes. The upper set (abbreviated \fIU\fR)
  27 specify the maximal flags that a process can have in its inheritable set.  The
  28 lower set (abbreviated \fIL\fR) specify the minimal amount of flags that a
  29 process must have in its inheritable set.  The inheritable set may be changed
  30 at any time, subject to permissions and the lower and upper sets.
  31 .P
  32 To change the security-flags of a process one must have both permissions
  33 equivalent to those required to send a signal to the process and have the