Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/svc/milestone/global.xml
          +++ new/usr/src/cmd/svc/milestone/global.xml
↓ open down ↓ 537 lines elided ↑ open up ↑
 538  538                              required='false'>
 539  539                                  <description>
 540  540                                          <loctext xml:lang='C'>
 541  541  The resource pool name in which to launch the method.  ":default" can be used
 542  542  as a token to indicate the pool specified in the project(4) entry given in
 543  543  the project attribute.
 544  544                                          </loctext>
 545  545                                  </description>
 546  546                                  <cardinality min='1' max='1'/>
 547  547                          </prop_pattern>
      548 +                        <prop_pattern name='security_flags' type='astring'
      549 +                            required='false'>
      550 +                                <description>
      551 +                                        <loctext xml:lang='C'>
      552 +An optional string specifying the security flags as defined in security-flags(5).
      553 +                                        </loctext>
      554 +                                </description>
      555 +                                <cardinality min='1' max='1'/>
      556 +                        </prop_pattern>
 548  557  
 549  558                          <!-- method_credential properties -->
 550  559                          <prop_pattern name='user' type='astring'
 551  560                              required='false'>
 552  561                                  <description>
 553  562                                          <loctext xml:lang='C'>
 554  563  The user ID in numeric or text form.
 555  564                                          </loctext>
 556  565                                  </description>
 557  566                                  <cardinality min='1' max='1'/>
↓ open down ↓ 95 lines elided ↑ open up ↑
 653  662                                  <description>
 654  663                                          <loctext xml:lang='C'>
 655  664  A boolean property where a "true" value indicates an RPC service, equivalent to inetd/isrpc property.
 656  665                                          </loctext>
 657  666                                  </description>
 658  667                          </prop_pattern>
 659  668                          <prop_pattern name='ipf_method' type='astring'
 660  669                              required='false'>
 661  670                                  <common_name>
 662  671                                          <loctext xml:lang='C'>
 663      -Custom firewall script 
      672 +Custom firewall script
 664  673                                          </loctext>
 665  674                                  </common_name>
 666  675                                  <description>
 667  676                                          <loctext xml:lang='C'>
 668  677  A script that generates ipf rules for a service. Services that require custom IPfilter configuration can use this mechanism to generate and supply their own ipf rules.  The firewall framework does not generate rules for services that has this property definition but expect these services to provide their own rules.
 669  678                                          </loctext>
 670  679                                  </description>
 671  680                          </prop_pattern> </pg_pattern>
 672  681  
 673  682                  <pg_pattern name='firewall_config'
↓ open down ↓ 261 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX