7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

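--- a/usr/src/cmd/svc/milestone/restarter.xml
+++ b/usr/src/cmd/svc/milestone/restarter.xml
@@ -650,20 +650,36 @@
                                 <description>
                                         <loctext xml:lang='C'>
 The resource pool name on which to launch the method.  :default can be used
 as a token to indicate the pool specified in the project(4) entry given in
 the project attribute.
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
 
+                        <prop_pattern name='security_flags' type='astring'
+                            required='false'>
+                                <common_name>
+                                        <loctext xml:lang='C'>
+method credential security flags
+                                        </loctext>
+                                </common_name>
+                                <description>
+                                        <loctext xml:lang='C'>
+An optional string specifying the security flags as defined in security-flags(5).
+                                        </loctext>
+                                </description>
+                                <cardinality min='1' max='1'/>
+                                <internal_separators>,</internal_separators>
+                        </prop_pattern>
+
                         <!-- method_credential properties -->
                         <prop_pattern name='user' type='astring'
                             required='false'>
                                 <common_name>
                                         <loctext xml:lang='C'>
 method credential user
                                         </loctext>
                                 </common_name>
                                 <description>
                                         <loctext xml:lang='C'>
@@ -742,21 +758,21 @@
 A boolean that specifies whether the profile should be used instead of the
 user, group, privileges, and limit_privileges properties.
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
                         <prop_pattern name='profile' type='astring'
                             required='false'>
                                 <common_name>
                                         <loctext xml:lang='C'>
-method profile RBAC profile specification 
+method profile RBAC profile specification
                                         </loctext>
                                 </common_name>
                                 <description>
                                         <loctext xml:lang='C'>
 The name of an RBAC (role-based access control) profile which, along with the
 method executable, identifies an entry in exec_attr(4).
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
@@ -897,20 +913,36 @@
                                 <description>
                                         <loctext xml:lang='C'>
 The resource pool name on which to launch the method.  :default can be used
 as a token to indicate the pool specified in the project(4) entry given in
 the project attribute.
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
 
+                        <prop_pattern name='security_flags' type='astring'
+                            required='false'>
+                                <common_name>
+                                        <loctext xml:lang='C'>
+method credential security flags
+                                        </loctext>
+                                </common_name>
+                                <description>
+                                        <loctext xml:lang='C'>
+An optional string specifying the security flags as defined in security-flags(5).
+                                        </loctext>
+                                </description>
+                                <cardinality min='1' max='1'/>
+                                <internal_separators>,</internal_separators>
+                        </prop_pattern>
+
                         <!-- method_credential properties -->
                         <prop_pattern name='user' type='astring'
                             required='false'>
                                 <common_name>
                                         <loctext xml:lang='C'>
 method credential user
                                         </loctext>
                                 </common_name>
                                 <description>
                                         <loctext xml:lang='C'>
@@ -989,21 +1021,21 @@
 A boolean that specifies whether the profile should be used instead of the
 user, group, privileges, and limit_privileges properties.
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
                         <prop_pattern name='profile' type='astring'
                             required='false'>
                                 <common_name>
                                         <loctext xml:lang='C'>
-method profile RBAC profile specification 
+method profile RBAC profile specification
                                         </loctext>
                                 </common_name>
                                 <description>
                                         <loctext xml:lang='C'>
 The name of an RBAC (role-based access control) profile which, along with the
 method executable, identifies an entry in exec_attr(4).
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
@@ -1143,20 +1175,35 @@
                                 </common_name>
                                 <description>
                                         <loctext xml:lang='C'>
 The resource pool name on which to launch the method.  :default can be used
 as a token to indicate the pool specified in the project(4) entry given in
 the project attribute.
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
+                        <prop_pattern name='security_flags' type='astring'
+                            required='false'>
+                                <common_name>
+                                        <loctext xml:lang='C'>
+method security flags
+                                        </loctext>
+                                </common_name>
+                                <description>
+                                        <loctext xml:lang='C'>
+An optional string specifying the security flags as defined in security-flags(5).
+                                        </loctext>
+                                </description>
+                                <cardinality min='1' max='1'/>
+                                <internal_separators>,</internal_separators>
+                        </prop_pattern>
 
                         <!-- method_credential properties -->
                         <prop_pattern name='user' type='astring'
                             required='false'>
                                 <common_name>
                                         <loctext xml:lang='C'>
 method credential user
                                         </loctext>
                                 </common_name>
                                 <description>
@@ -1236,21 +1283,21 @@
 A boolean that specifies whether the profile should be used instead of the
 user, group, privileges, and limit_privileges properties.
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>
                         <prop_pattern name='profile' type='astring'
                             required='false'>
                                 <common_name>
                                         <loctext xml:lang='C'>
-method profile RBAC profile specification 
+method profile RBAC profile specification
                                         </loctext>
                                 </common_name>
                                 <description>
                                         <loctext xml:lang='C'>
 The name of an RBAC (role-based access control) profile which, along with the
 method executable, identifies an entry in exec_attr(4).
                                         </loctext>
                                 </description>
                                 <cardinality min='1' max='1'/>
                         </prop_pattern>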
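Review bot: The third copy of the new `security_flags` prop_pattern (new line 1189) labels itself `method security flags`, while the first two copies (new lines 664 and 927) read `method credential security flags`; the three blocks are otherwise identical, so the common_name should agree across them. In all three places the block is inserted just above the `<!-- method_credential properties -->` comment even though two of the labels call it a credential property, so either move it below that comment or use the non-credential wording consistently. The description could also state what the restarter does with a flag name that is not listed in security-flags(5) — rejected at method start or silently ignored — since the pattern itself only declares a comma-separated astring and places no constraint on the values.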