Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -2,11 +2,11 @@
 .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
 .\" Copyright 2013 Joyent, Inc. All Rights Reserved.
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH ZONECFG 1M "Feb 28, 2014"
+.TH ZONECFG 1M "Jun 6, 2016"
 .SH NAME
 zonecfg \- set up zone configuration
 .SH SYNOPSIS
 .LP
 .nf

@@ -27,11 +27,10 @@
 .nf
 \fBzonecfg\fR help
 .fi
 
 .SH DESCRIPTION
-.sp
 .LP
 The \fBzonecfg\fR utility creates and modifies the configuration of a zone.
 Zone configuration consists of a number of resources and properties.
 .sp
 .LP

@@ -70,11 +69,10 @@
 installed distribution in the global zone. Some brands do not support all of
 the \fBzonecfg\fR properties and resources. See the brand-specific man page for
 more details on each brand. For an overview of brands, see the \fBbrands\fR(5)
 man page.
 .SS "Resources"
-.sp
 .LP
 The following resource types are supported:
 .sp
 .ne 2
 .na

@@ -163,12 +161,21 @@
 .sp .6
 .RS 4n
 Resource control.
 .RE
 
-.SS "Properties"
 .sp
+.ne 2
+.na
+\fB\fBsecurity-flags\fR\fR
+.ad
+.sp .6
+.RS 4n
+Process security flag settings.
+.RE
+
+.SS "Properties"
 .LP
 Each resource type has one or more properties. There are also some global
 properties, that is, properties of the configuration as a whole, rather than of
 some particular resource.
 .sp

@@ -423,10 +430,20 @@
 .RS 4n
 \fBncpus\fR
 .RE
 
 .sp
+.ne 2
+.na
+\fB\fBsecurity-flags\fB\fB
+.ad
+.sp .6
+.RS 4n
+\fBlower\fR, \fBdefault\fR, \fBupper\fR.
+.RE
+
+.sp
 .LP
 As for the property values which are paired with these names, they are either
 simple, complex, or lists. The type allowed is property-specific. Simple values
 are strings, optionally enclosed within quotation marks. Complex values have
 the syntax:
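Review bot: the font escapes on the new property-name line are unbalanced: `\fB\fBsecurity-flags\fB\fB` never switches back to roman, so everything after it in the rendered page stays bold. It should read `\fB\fBsecurity-flags\fR\fR`, matching the resource entry added earlier in this patch and the surrounding `\fB...\fR\fR` names in this list.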

@@ -863,10 +880,22 @@
 .RE
 
 .sp
 .ne 2
 .na
+\fB\fBsecurity-flags\fR: lower, default, upper\fR
+.ad
+.sp .6
+.RS 4n
+Set the process security flags associated with the zone.  The \fBlower\fR and
+\fBupper\fR fields set the limits, the \fBdefault\fR field is set of flags all
+zone processes inherit.
+.RE
+
+.sp
+.ne 2
+.na
 \fBglobal: \fBfs-allowed\fR\fR
 .ad
 .sp .6
 .RS 4n
 A comma-separated list of additional filesystems that may be mounted within
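Review bot: the description of the `default` field is missing an article and runs the two clauses together ("the \fBdefault\fR field is set of flags all zone processes inherit"); suggest "The \fBlower\fR and \fBupper\fR fields set the limits; the \fBdefault\fR field is the set of flags that all zone processes inherit." It would also help to state whether \fBdefault\fR must lie between \fBlower\fR and \fBupper\fR, and to point the reader at \fBsecurity-flags\fR(5) (added to SEE ALSO below) for the accepted flag names, since nothing here says what values these three simple properties take.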

@@ -926,10 +955,13 @@
 capped-memory     physical        simple with scale
                    swap            simple with scale
                    locked          simple with scale
 
 capped-cpu        ncpus           simple
+security-flags    lower           simple
+                   default        simple
+                   upper          simple
 .fi
 .in -2
 .sp
 
 .sp
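Review bot: the `default` and `upper` rows are one column short of the others in this table: the "simple" cell on `lower` lines up with `capped-cpu ncpus simple` and `capped-memory physical simple with scale`, but the continuation rows are padded one space less. Add a space after `default` and `upper` so the third column aligns, as the `swap` and `locked` continuation rows do.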

@@ -942,11 +974,10 @@
 contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot
 (\fB\&.\fR) characters. Attribute names beginning with "zone" are reserved for
 use by the system. Finally, the "autoboot" global property must have a value of
 "true" or "false".
 .SS "Using Kernel Statistics to Monitor CPU Caps"
-.sp
 .LP
 Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system
 maintains information for all capped projects and zones. You can access this
 information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying
 \fBcaps\fR as the \fBkstat\fR module name. The following command displays

@@ -1095,11 +1126,10 @@
 
 .sp
 .LP
 See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command.
 .SH OPTIONS
-.sp
 .LP
 The following options are supported:
 .sp
 .ne 2
 .na

@@ -1124,11 +1154,10 @@
 name \fBglobal\fR and all names beginning with \fBSUNW\fR are reserved and
 cannot be used.
 .RE
 
 .SH SUBCOMMANDS
-.sp
 .LP
 You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific
 resource, at which point the scope changes to that resource. The \fBend\fR and
 \fBcancel\fR subcommands are used to complete the resource specification, at
 which time the scope is reverted back to global. Certain subcommands, such as

@@ -1801,11 +1830,10 @@
 .fi
 .in -2
 .sp
 
 .SH EXIT STATUS
-.sp
 .LP
 The following exit values are returned:
 .sp
 .ne 2
 .na

@@ -1835,11 +1863,10 @@
 .RS 4n
 Invalid usage.
 .RE
 
 .SH ATTRIBUTES
-.sp
 .LP
 See \fBattributes\fR(5) for descriptions of the following attributes:
 .sp
 
 .sp

@@ -1851,22 +1878,20 @@
 _
 Interface Stability     Volatile
 .TE
 
 .SH SEE ALSO
-.sp
 .LP
 \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M),
 \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M),
 \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBsysidtool\fR(1M),
 \fBzfs\fR(1M), \fBzoneadm\fR(1M), \fBpriv_str_to_set\fR(3C),
 \fBkstat\fR(3KSTAT), \fBvfstab\fR(4), \fBattributes\fR(5), \fBbrands\fR(5),
 \fBfnmatch\fR(5), \fBlx\fR(5), \fBprivileges\fR(5), \fBresource_controls\fR(5),
-\fBzones\fR(5)
+\fBsecurity-flags\fR(5), \fBzones\fR(5)
 .sp
 .LP
 \fISystem Administration Guide: Solaris Containers-Resource Management, and
 Solaris Zones\fR
 .SH NOTES
-.sp
 .LP
 All character data used by \fBzonecfg\fR must be in US-ASCII encoding.