Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 290        privileges
 291 
 292            An optional string specifying the privilege set as defined in
 293            privileges(5).
 294 
 295 
 296        limit_privileges
 297 
 298            An optional string specifying the limit privilege set as defined in
 299            privileges(5).
 300 
 301 
 302        working_directory
 303 
 304            The home directory from which to launch the method. :home can be
 305            used as a token to indicate the home directory of the user whose
 306            uid is used to launch the method. If the property is unset, :home
 307            is used.
 308 
 309 


















 310        corefile_pattern
 311 
 312            An optional string that specifies the corefile pattern to use for
 313            the service, as per coreadm(1M). Most restarters supply a default.
 314            Setting this property overrides local customizations to the global
 315            core pattern.
 316 
 317 
 318        project
 319 
 320            The project ID in numeric or text form. :default can be used as a
 321            token to indicate a project identified by getdefaultproj(3PROJECT)
 322            for the user whose uid is used to launch the method.
 323 
 324 
 325        resource_pool
 326 
 327            The resource pool name on which to launch the method. :default can
 328            be used as a token to indicate the pool specified in the project(4)
 329            entry given in the project attribute above.


 355 
 356            File descriptor 0 is /dev/null. File descriptors 1 and 2 are
 357            recommended to be a per-service log file.
 358 
 359 
 360 FILES
 361        /lib/svc/share/smf_include.sh
 362 
 363            Definitions of exit status values.
 364 
 365 
 366        /usr/include/libscf.h
 367 
 368            Definitions of exit status codes.
 369 
 370 
 371 SEE ALSO
 372        zonename(1), coreadm(1M), inetd(1M), svccfg(1M), svc.startd(1M),
 373        exec(2), fork(2), getdefaultproj(3PROJECT), exec_attr(4), project(4),
 374        service_bundle(4), attributes(5), privileges(5), rbac(5), smf(5),
 375        smf_bootstrap(5), zones(5)
 376 
 377 NOTES
 378        The present version of smf(5) does not support multiple repositories.
 379 
 380 
 381        When a service is configured to be started as root but with privileges
 382        different from limit_privileges, the resulting process is privilege
 383        aware.  This can be surprising to developers who expect seteuid(<non-
 384        zero UID>) to reduce privileges to basic      or less.
 385 
 386 
 387 
 388                                  May 20, 2009                    SMF_METHOD(5)


 290        privileges
 291 
 292            An optional string specifying the privilege set as defined in
 293            privileges(5).
 294 
 295 
 296        limit_privileges
 297 
 298            An optional string specifying the limit privilege set as defined in
 299            privileges(5).
 300 
 301 
 302        working_directory
 303 
 304            The home directory from which to launch the method. :home can be
 305            used as a token to indicate the home directory of the user whose
 306            uid is used to launch the method. If the property is unset, :home
 307            is used.
 308 
 309 
 310        security_flags
 311 
 312            The security flags to apply when launching the method.  See
 313            security-flags(5).
 314 
 315 
 316            The "default" keyword specifies those flags specified in
 317            svc:/system/process-security.  The "all" keyword enables all flags,
 318            the "none" keyword enables no flags.  Further flags may be added by
 319            specifying their name, or removed by specifying their name prefixed
 320            by '-' or '!'.
 321 
 322 
 323            Use of "all" has associated risks, as future versions of the system
 324            may include further flags which may harm poorly implemented
 325            software.
 326 
 327 
 328        corefile_pattern
 329 
 330            An optional string that specifies the corefile pattern to use for
 331            the service, as per coreadm(1M). Most restarters supply a default.
 332            Setting this property overrides local customizations to the global
 333            core pattern.
 334 
 335 
 336        project
 337 
 338            The project ID in numeric or text form. :default can be used as a
 339            token to indicate a project identified by getdefaultproj(3PROJECT)
 340            for the user whose uid is used to launch the method.
 341 
 342 
 343        resource_pool
 344 
 345            The resource pool name on which to launch the method. :default can
 346            be used as a token to indicate the pool specified in the project(4)
 347            entry given in the project attribute above.
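
Review bot: The new security_flags entry (new lines 310-325) does not say what applies when the property is unset, nor that it is optional, unlike the neighbouring entries ("An optional string ..." and "If the property is unset, :home is used."). Suggest stating the unset behaviour explicitly, and naming the separator used when a keyword such as "default" is combined with added flag names or with names prefixed by '-' or '!', since the text describes the syntax without showing a value.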


 373 
 374            File descriptor 0 is /dev/null. File descriptors 1 and 2 are
 375            recommended to be a per-service log file.
 376 
 377 
 378 FILES
 379        /lib/svc/share/smf_include.sh
 380 
 381            Definitions of exit status values.
 382 
 383 
 384        /usr/include/libscf.h
 385 
 386            Definitions of exit status codes.
 387 
 388 
 389 SEE ALSO
 390        zonename(1), coreadm(1M), inetd(1M), svccfg(1M), svc.startd(1M),
 391        exec(2), fork(2), getdefaultproj(3PROJECT), exec_attr(4), project(4),
 392        service_bundle(4), attributes(5), privileges(5), rbac(5), smf(5),
 393        smf_bootstrap(5), zones(5), security-flags(5)
 394 
 395 NOTES
 396        The present version of smf(5) does not support multiple repositories.
 397 
 398 
 399        When a service is configured to be started as root but with privileges
 400        different from limit_privileges, the resulting process is privilege
 401        aware.  This can be surprising to developers who expect seteuid(<non-
 402        zero UID>) to reduce privileges to basic      or less.
 403 
 404 
 405 
 406                                  June 6, 2016                    SMF_METHOD(5)
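
Review bot: In SEE ALSO (new line 393), security-flags(5) is appended after zones(5), while the other section 5 references are listed alphabetically. Suggest moving it between rbac(5) and smf(5) so the list keeps its ordering.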