Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -37,10 +37,11 @@
#include <sys/shm.h> /* for shmid_ds structure */
#include <sys/sem.h> /* for semid_ds structure */
#include <sys/msg.h> /* for msqid_ds structure */
#include <sys/atomic.h> /* using atomics */
+#include <sys/secflags.h>
/*
* Audit conditions, statements reguarding what's to be done with
* audit records. None of the "global state" is returned by an
* auditconfig -getcond call. AUC_NOSPACE no longer seems used.
@@ -588,10 +589,12 @@
void audit_ipcget(int, void *);
void audit_fdsend(int, struct file *, int);
void audit_fdrecv(int, struct file *);
void audit_priv(int, const struct priv_set *, int);
void audit_setppriv(int, int, const struct priv_set *, const cred_t *);
+void audit_psecflags(proc_t *, psecflagwhich_t,
+ const secflagdelta_t *);
void audit_devpolicy(int, const struct devplcysys *);
void audit_update_context(proc_t *, cred_t *);
void audit_kssl(int, void *, int);
void audit_pf_policy(int, cred_t *, netstack_t *, char *, boolean_t, int,
pid_t);