Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/svc/dtd/service_bundle.dtd.1
          +++ new/usr/src/cmd/svc/dtd/service_bundle.dtd.1
↓ open down ↓ 528 lines elided ↑ open up ↑
 529  529  
 530  530          resource_pool The resource pool name to launch the method on.
 531  531                  ":default" can be used as a token to indicate use of the
 532  532                  pool specified in the project(4) entry given in the
 533  533                  "project" attribute above.
 534  534  -->
 535  535  <!ELEMENT method_context
 536  536          ( (method_profile | method_credential)?, method_environment? ) >
 537  537  
 538  538  <!ATTLIST method_context
      539 +        security_flags          CDATA #IMPLIED
 539  540          working_directory       CDATA #IMPLIED
 540  541          project                 CDATA #IMPLIED
 541  542          resource_pool           CDATA #IMPLIED >
 542  543  
 543  544  <!-- Restarter delegation, methods, and monitors -->
 544  545  
 545  546  <!--
 546  547    exec_method
 547  548  
 548  549      This element describes one of the methods used by the designated
↓ open down ↓ 543 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX