7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 30,39 ****
--- 30,40 ----
#include <libscf.h>
#include <limits.h>
#include <priv.h>
#include <pwd.h>
#include <sys/types.h>
+ #include <sys/secflags.h>
#ifdef __cplusplus
extern "C" {
#endif
*** 263,280 ****
restarter_contract_type_t);
ssize_t restarter_state_to_string(restarter_instance_state_t, char *, size_t);
restarter_instance_state_t restarter_string_to_state(char *);
! #define RESTARTER_METHOD_CONTEXT_VERSION 7
struct method_context {
/* Stable */
uid_t uid, euid;
gid_t gid, egid;
int ngroups; /* -1 means use initgroups(). */
gid_t groups[NGROUPS_MAX];
priv_set_t *lpriv_set, *priv_set;
char *corefile_pattern; /* Optional. */
char *project; /* NULL for no change */
char *resource_pool; /* NULL for project default */
char *working_dir; /* NULL for :default */
--- 264,283 ----
restarter_contract_type_t);
ssize_t restarter_state_to_string(restarter_instance_state_t, char *, size_t);
restarter_instance_state_t restarter_string_to_state(char *);
! #define RESTARTER_METHOD_CONTEXT_VERSION 8
struct method_context {
/* Stable */
uid_t uid, euid;
gid_t gid, egid;
int ngroups; /* -1 means use initgroups(). */
gid_t groups[NGROUPS_MAX];
+ psecflags_t def_secflags;
+ secflagdelta_t secflag_delta;
priv_set_t *lpriv_set, *priv_set;
char *corefile_pattern; /* Optional. */
char *project; /* NULL for no change */
char *resource_pool; /* NULL for project default */
char *working_dir; /* NULL for :default */
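Review bot: The new members `def_secflags` and `secflag_delta` carry no comment, while most neighbouring members state their unset meaning (`/* NULL for no change */`, `/* -1 means use initgroups(). */`). For security flags the unset case matters most: nothing in this hunk shows whether a zero-filled `secflag_delta` leaves a method's inherited mitigations alone or changes them. I would add a comment on each in the same style, for example `/* default secflags for the method */` and `/* requested change; all-zero means <confirm> */`. They are also inserted in the middle of the `/* Stable */` members, which moves `lpriv_set` and everything after it. The bump of `RESTARTER_METHOD_CONTEXT_VERSION` to 8 only protects consumers that actually compare the version, so it is worth confirming that every restarter does. The struct continues past the end of the hunk.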