Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 30,39 ****
--- 30,40 ----
#include <libscf.h>
#include <limits.h>
#include <priv.h>
#include <pwd.h>
#include <sys/types.h>
+ #include <sys/secflags.h>
#ifdef __cplusplus
extern "C" {
#endif
*** 263,280 ****
restarter_contract_type_t);
ssize_t restarter_state_to_string(restarter_instance_state_t, char *, size_t);
restarter_instance_state_t restarter_string_to_state(char *);
! #define RESTARTER_METHOD_CONTEXT_VERSION 7
struct method_context {
/* Stable */
uid_t uid, euid;
gid_t gid, egid;
int ngroups; /* -1 means use initgroups(). */
gid_t groups[NGROUPS_MAX];
priv_set_t *lpriv_set, *priv_set;
char *corefile_pattern; /* Optional. */
char *project; /* NULL for no change */
char *resource_pool; /* NULL for project default */
char *working_dir; /* NULL for :default */
--- 264,283 ----
restarter_contract_type_t);
ssize_t restarter_state_to_string(restarter_instance_state_t, char *, size_t);
restarter_instance_state_t restarter_string_to_state(char *);
! #define RESTARTER_METHOD_CONTEXT_VERSION 8
struct method_context {
/* Stable */
uid_t uid, euid;
gid_t gid, egid;
int ngroups; /* -1 means use initgroups(). */
gid_t groups[NGROUPS_MAX];
+ psecflags_t def_secflags;
+ secflagdelta_t secflag_delta;
priv_set_t *lpriv_set, *priv_set;
char *corefile_pattern; /* Optional. */
char *project; /* NULL for no change */
char *resource_pool; /* NULL for project default */
char *working_dir; /* NULL for :default */