7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 250,259 ****
--- 250,266 ----
struct zone_admintab {
char zone_admin_user[MAXUSERNAME];
char zone_admin_auths[MAXAUTHS];
};
+ #define ZONECFG_SECFLAGS_MAX 1024
+ struct zone_secflagstab {
+ char zone_secflags_lower[ZONECFG_SECFLAGS_MAX];
+ char zone_secflags_upper[ZONECFG_SECFLAGS_MAX];
+ char zone_secflags_default[ZONECFG_SECFLAGS_MAX];
+ };
+
typedef struct zone_userauths {
char user[MAXUSERNAME];
char zonename[ZONENAME_MAX];
struct zone_userauths *next;
} zone_userauths_t;
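Review bot: The new `struct zone_secflagstab` has no comment saying what its three buffers hold or that `ZONECFG_SECFLAGS_MAX` is a hard limit on each string. These fields presumably carry the zone's lower, upper and default security-flag sets as text, so a silently truncated value could parse to a different set than the administrator configured. The code that fills them is outside this hunk; confirm that it rejects an over-long value instead of truncating, for example by comparing the `strlcpy` result with `sizeof` the field. I would add above the struct something like `/* Textual secflag sets for a zone; each string, NUL included, must fit in ZONECFG_SECFLAGS_MAX. */`.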
*** 426,435 ****
--- 433,452 ----
*/
extern int zonecfg_delete_mcap(zone_dochandle_t);
extern int zonecfg_modify_mcap(zone_dochandle_t, struct zone_mcaptab *);
extern int zonecfg_lookup_mcap(zone_dochandle_t, struct zone_mcaptab *);
+ /* security-flags configuration */
+ extern int zonecfg_add_secflags(zone_dochandle_t,
+ struct zone_secflagstab *);
+ extern int zonecfg_delete_secflags(zone_dochandle_t,
+ struct zone_secflagstab *);
+ extern int zonecfg_modify_secflags(zone_dochandle_t,
+ struct zone_secflagstab *, struct zone_secflagstab *);
+ extern int zonecfg_lookup_secflags(zone_dochandle_t,
+ struct zone_secflagstab *);
+
/*
* Temporary pool support functions.
*/
extern int zonecfg_destroy_tmp_pool(char *, char *, int);
extern int zonecfg_bind_tmp_pool(zone_dochandle_t, zoneid_t, char *, int);
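Review bot: `zonecfg_modify_secflags` takes two `struct zone_secflagstab *` arguments of the same type, with no parameter names and no comment saying which is the existing entry and which is the replacement. The compiler cannot catch a caller that swaps them, and the result would be the wrong security flags written to the zone configuration. Naming the parameters in the prototype would fix this, e.g. `struct zone_secflagstab *oldtab, struct zone_secflagstab *newtab`, assuming the order is old then new; confirm against the definition. The `/* security-flags configuration */` comment could also say which pointers are inputs and which are filled in by `zonecfg_lookup_secflags`.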
*** 493,502 ****
--- 510,521 ----
struct zone_devpermtab *);
extern int zonecfg_enddevperment(zone_dochandle_t);
extern int zonecfg_setadminent(zone_dochandle_t);
extern int zonecfg_getadminent(zone_dochandle_t, struct zone_admintab *);
extern int zonecfg_endadminent(zone_dochandle_t);
+ extern int zonecfg_getsecflagsent(zone_dochandle_t,
+ struct zone_secflagstab *);
/*
* Privilege-related functions.
*/
extern int zonecfg_default_privset(priv_set_t *, const char *);
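Review bot: `zonecfg_getsecflagsent` is declared directly after the `setadminent`/`getadminent`/`endadminent` triple, but no matching `zonecfg_setsecflagsent` or `zonecfg_endsecflagsent` appears in this hunk. A reader cannot tell whether it is a one-shot getter or needs iteration set up elsewhere, nor how it differs from the `zonecfg_lookup_secflags` this change also declares. If it is one-shot, a comment such as `/* secflags is a single per-zone resource: no set/end pair */` would make that explicit, assuming that matches the implementation. It would also help to document the return value when the zone has no security-flags resource, so callers do not confuse "not configured" with an error.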