Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -128,13 +128,18 @@
<!ELEMENT admin EMPTY>
<!ATTLIST admin user CDATA #REQUIRED
auths CDATA #REQUIRED>
+<!ELEMENT security-flags EMPTY>
+
+<!ATTLIST security-flags default CDATA "" lower
+ CDATA "" upper CDATA "">
+
<!ELEMENT zone (filesystem | inherited-pkg-dir | network | device |
deleted-device | rctl | attr | dataset | package | patch | dev-
-perm | tmp_pool | pset | mcap | admin)*>
+perm | tmp_pool | pset | mcap | admin | security-flags)*>
<!ATTLIST zone name CDATA #REQUIRED zonepath CDATA
#REQUIRED autoboot (true | false) #REQUIRED ip-
type CDATA "" hostid CDATA "" pool
CDATA "" limitpriv CDATA "" bootargs CDATA ""