Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split
Expand all
Collapse all
          --- old/usr/src/cmd/zonecfg/zonecfg_grammar.y
          +++ new/usr/src/cmd/zonecfg/zonecfg_grammar.y
↓ open down ↓ 127 lines elided ↑ open up ↑
 128  128  
 129  129  %start commands
 130  130  
 131  131  %token HELP CREATE EXPORT ADD DELETE REMOVE SELECT SET INFO CANCEL END VERIFY
 132  132  %token COMMIT REVERT EXIT SEMICOLON TOKEN ZONENAME ZONEPATH AUTOBOOT POOL NET
 133  133  %token FS ATTR DEVICE RCTL SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL
 134  134  %token IPTYPE HOSTID FS_ALLOWED ALLOWED_ADDRESS
 135  135  %token NAME MATCH PRIV LIMIT ACTION VALUE EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET
 136  136  %token OPEN_PAREN CLOSE_PAREN COMMA DATASET LIMITPRIV BOOTARGS BRAND PSET PCAP
 137  137  %token MCAP NCPUS IMPORTANCE SHARES MAXLWPS MAXSHMMEM MAXSHMIDS MAXMSGIDS
 138      -%token MAXSEMIDS LOCKED SWAP SCHED CLEAR DEFROUTER ADMIN USER AUTHS MAXPROCS
      138 +%token MAXSEMIDS LOCKED SWAP SCHED CLEAR DEFROUTER ADMIN SECFLAGS USER AUTHS MAXPROCS
      139 +%token DEFAULT UPPER LOWER
 139  140  
 140  141  %type <strval> TOKEN EQUAL OPEN_SQ_BRACKET CLOSE_SQ_BRACKET
 141  142      property_value OPEN_PAREN CLOSE_PAREN COMMA simple_prop_val
 142  143  %type <complex> complex_piece complex_prop_val
 143  144  %type <ival> resource_type NET FS DEVICE RCTL ATTR DATASET PSET PCAP MCAP
 144      -    ADMIN
      145 +    ADMIN SECFLAGS
 145  146  %type <ival> property_name SPECIAL RAW DIR OPTIONS TYPE ADDRESS PHYSICAL NAME
 146  147      MATCH ZONENAME ZONEPATH AUTOBOOT POOL LIMITPRIV BOOTARGS VALUE PRIV LIMIT
 147  148      ACTION BRAND SCHED IPTYPE DEFROUTER HOSTID USER AUTHS FS_ALLOWED
 148      -    ALLOWED_ADDRESS
      149 +    ALLOWED_ADDRESS DEFAULT UPPER LOWER
 149  150  %type <cmd> command
 150  151  %type <cmd> add_command ADD
 151  152  %type <cmd> cancel_command CANCEL
 152  153  %type <cmd> commit_command COMMIT
 153  154  %type <cmd> create_command CREATE
 154  155  %type <cmd> delete_command DELETE
 155  156  %type <cmd> end_command END
 156  157  %type <cmd> exit_command EXIT
 157  158  %type <cmd> export_command EXPORT
 158  159  %type <cmd> help_command HELP
↓ open down ↓ 793 lines elided ↑ open up ↑
 952  953  resource_type: NET      { $$ = RT_NET; }
 953  954          | FS            { $$ = RT_FS; }
 954  955          | DEVICE        { $$ = RT_DEVICE; }
 955  956          | RCTL          { $$ = RT_RCTL; }
 956  957          | ATTR          { $$ = RT_ATTR; }
 957  958          | DATASET       { $$ = RT_DATASET; }
 958  959          | PSET          { $$ = RT_DCPU; }
 959  960          | PCAP          { $$ = RT_PCAP; }
 960  961          | MCAP          { $$ = RT_MCAP; }
 961  962          | ADMIN         { $$ = RT_ADMIN; }
      963 +        | SECFLAGS      { $$ = RT_SECFLAGS; }
 962  964  
 963  965  property_name: SPECIAL  { $$ = PT_SPECIAL; }
 964  966          | RAW           { $$ = PT_RAW; }
 965  967          | DIR           { $$ = PT_DIR; }
 966  968          | TYPE          { $$ = PT_TYPE; }
 967  969          | OPTIONS       { $$ = PT_OPTIONS; }
 968  970          | ZONENAME      { $$ = PT_ZONENAME; }
 969  971          | ZONEPATH      { $$ = PT_ZONEPATH; }
 970  972          | AUTOBOOT      { $$ = PT_AUTOBOOT; }
 971  973          | IPTYPE        { $$ = PT_IPTYPE; }
↓ open down ↓ 20 lines elided ↑ open up ↑
 992  994          | MAXPROCS      { $$ = PT_MAXPROCS; }
 993  995          | MAXSHMMEM     { $$ = PT_MAXSHMMEM; }
 994  996          | MAXSHMIDS     { $$ = PT_MAXSHMIDS; }
 995  997          | MAXMSGIDS     { $$ = PT_MAXMSGIDS; }
 996  998          | MAXSEMIDS     { $$ = PT_MAXSEMIDS; }
 997  999          | SCHED         { $$ = PT_SCHED; }
 998 1000          | HOSTID        { $$ = PT_HOSTID; }
 999 1001          | USER          { $$ = PT_USER; }
1000 1002          | AUTHS         { $$ = PT_AUTHS; }
1001 1003          | FS_ALLOWED    { $$ = PT_FS_ALLOWED; }
     1004 +        | DEFAULT       { $$ = PT_DEFAULT; }
     1005 +        | UPPER         { $$ = PT_UPPER; }
     1006 +        | LOWER         { $$ = PT_LOWER; }
1002 1007  
1003 1008  /*
1004 1009   * The grammar builds data structures from the bottom up.  Thus various
1005 1010   * strings are lexed into TOKENs or commands or resource or property values.
1006 1011   * Below is where the resource and property values are built up into more
1007 1012   * complex data structures.
1008 1013   *
1009 1014   * There are three kinds of properties: simple (single valued), complex
1010 1015   * (one or more name=value pairs) and list (concatenation of one or more
1011 1016   * simple or complex properties).
↓ open down ↓ 92 lines elided ↑ open up ↑
1104 1109          | property_name EQUAL resource_type
1105 1110          {
1106 1111                  if (($$ = complex_piece_func($1, res_types[$3], NULL)) == NULL)
1107 1112                          YYERROR;
1108 1113          }
1109 1114          | property_name EQUAL property_name
1110 1115          {
1111 1116                  if (($$ = complex_piece_func($1, prop_types[$3], NULL)) == NULL)
1112 1117                          YYERROR;
1113 1118          }
1114      -        | property_name EQUAL TOKEN COMMA complex_piece 
     1119 +        | property_name EQUAL TOKEN COMMA complex_piece
1115 1120          {
1116 1121                  $$ = complex_piece_func($1, $3, complex);
1117 1122                  free(claim_token($3));
1118 1123                  if ($$ == NULL)
1119 1124                          YYERROR;
1120 1125          }
1121      -        | property_name EQUAL resource_type COMMA complex_piece 
     1126 +        | property_name EQUAL resource_type COMMA complex_piece
1122 1127          {
1123 1128                  if (($$ = complex_piece_func($1, res_types[$3], complex)) ==
1124 1129                      NULL)
1125 1130                          YYERROR;
1126 1131          }
1127      -        | property_name EQUAL property_name COMMA complex_piece 
     1132 +        | property_name EQUAL property_name COMMA complex_piece
1128 1133          {
1129 1134                  if (($$ = complex_piece_func($1, prop_types[$3], complex)) ==
1130 1135                      NULL)
1131 1136                          YYERROR;
1132 1137          }
1133 1138  
1134 1139  list_piece: simple_prop_val
1135 1140          | complex_prop_val
1136 1141          | simple_prop_val COMMA list_piece
1137 1142          | complex_prop_val COMMA list_piece
1138 1143  
1139 1144  list_prop_val: OPEN_SQ_BRACKET list_piece CLOSE_SQ_BRACKET
1140 1145  %%