Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -117,10 +117,11 @@
         table_init(AUT_IPC_PERM, "IPC_perm", s5_IPC_perm_token, T_ENCLOSED);
         table_init(AUT_GROUPS, "group", group_token, T_ELEMENT);
         table_initx(AUT_LABEL, "sensitivity label", "sensitivity_label",
             label_token, T_ELEMENT);
         table_init(AUT_PRIV, "privilege", privilege_token, T_EXTENDED);
+        table_init(AUT_SECFLAGS, "secflags", secflags_token, T_EXTENDED);
         table_initx(AUT_UPRIV, "use of privilege", "use_of_privilege",
             useofpriv_token, T_EXTENDED);
         table_init(AUT_LIAISON, "liaison", liaison_token, T_ELEMENT);
         table_init(AUT_NEWGROUPS, "group", newgroup_token, T_ELEMENT);
         table_init(AUT_EXEC_ARGS, "exec_args", exec_args_token, T_ELEMENT);