7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

*** 9514,9523 **** --- 9514,9525 ---- SCF_SUCCESS || scf_pg_get_property(pg, SCF_PROPERTY_PROJECT, NULL) == SCF_SUCCESS || scf_pg_get_property(pg, SCF_PROPERTY_RESOURCE_POOL, NULL) == SCF_SUCCESS || + scf_pg_get_property(pg, SCF_PROPERTY_SECFLAGS, NULL) == + SCF_SUCCESS || scf_pg_get_property(pg, SCF_PROPERTY_USE_PROFILE, NULL) == SCF_SUCCESS; if (nonenv) { ctxt = xmlNewNode(NULL, (xmlChar *)"method_context");
*** 9538,9547 **** --- 9540,9555 ---- if (pg_get_prop(pg, SCF_PROPERTY_RESOURCE_POOL, exp_prop) == 0 && set_attr_from_prop_default(exp_prop, ctxt, "resource_pool", ":default") != 0) err = 1; + + if (pg_get_prop(pg, SCF_PROPERTY_SECFLAGS, exp_prop) == 0 && + set_attr_from_prop_default(exp_prop, ctxt, + "security_flags", ":default") != 0) + err = 1; + /* * We only want to complain about profile or credential * properties if we will use them. To determine that we must * examine USE_PROFILE. */
*** 9660,9670 **** continue; } else if (strcmp(exp_str, SCF_PROPERTY_USER) == 0 || strcmp(exp_str, SCF_PROPERTY_GROUP) == 0 || strcmp(exp_str, SCF_PROPERTY_SUPP_GROUPS) == 0 || strcmp(exp_str, SCF_PROPERTY_PRIVILEGES) == 0 || ! strcmp(exp_str, SCF_PROPERTY_LIMIT_PRIVILEGES) == 0) { if (nonenv && !use_profile) continue; } else if (strcmp(exp_str, SCF_PROPERTY_PROFILE) == 0) { if (nonenv && use_profile) continue; --- 9668,9679 ---- continue; } else if (strcmp(exp_str, SCF_PROPERTY_USER) == 0 || strcmp(exp_str, SCF_PROPERTY_GROUP) == 0 || strcmp(exp_str, SCF_PROPERTY_SUPP_GROUPS) == 0 || strcmp(exp_str, SCF_PROPERTY_PRIVILEGES) == 0 || ! strcmp(exp_str, SCF_PROPERTY_LIMIT_PRIVILEGES) == 0 || ! strcmp(exp_str, SCF_PROPERTY_SECFLAGS) == 0) { if (nonenv && !use_profile) continue; } else if (strcmp(exp_str, SCF_PROPERTY_PROFILE) == 0) { if (nonenv && use_profile) continue;
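Review bot: The new `strcmp(exp_str, SCF_PROPERTY_SECFLAGS) == 0` test sits in the arm that skips a property only when `nonenv && !use_profile`, which groups it with the credential properties (user, group, supp_groups, privileges, limit_privileges). The other hunks of this change treat it as a plain method_context attribute instead: the 9540 hunk writes `security_flags` on `ctxt` ahead of the USE_PROFILE logic, and the 9855 hunk sets it on `n` without consulting `use_profile`. If that reading is right, a method with `use_profile` true would have the value exported both as the `security_flags` attribute and again as an ordinary property, leaving the manifest ambiguous about which exploit-mitigation flags apply. Consider moving the test to the arm that skips on `nonenv` alone, presumably the one handling working_directory/project/resource_pool just above this hunk. The enclosing if/else chain starts and ends outside the hunk, so this should be confirmed against the full function.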
*** 9846,9855 **** --- 9855,9868 ---- err = 1; } else if (strcmp(exp_str, SCF_PROPERTY_RESOURCE_POOL) == 0) { if (set_attr_from_prop(exp_prop, n, "resource_pool") != 0) err = 1; + } else if (strcmp(exp_str, SCF_PROPERTY_SECFLAGS) == 0) { + if (set_attr_from_prop(exp_prop, n, + "security_flags") != 0) + err = 1; } else if (strcmp(exp_str, SCF_PROPERTY_USE_PROFILE) == 0) { /* EMPTY */ } else if (strcmp(exp_str, SCF_PROPERTY_USER) == 0) { if (use_profile || set_attr_from_prop(exp_prop, cred, "user") != 0)