7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
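--- a/usr/src/lib/libbsm/adt_record.dtd.1.man.txt
+++ b/usr/src/lib/libbsm/adt_record.dtd.1.man.txt
@@ -1,262 +1,266 @@
 () ()
 
 
 
 <?xml version="1.0" encoding="UTF-8" ?>
 
 <!--
 Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.
 
 CDDL HEADER START
 
 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.
 
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.
 
 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]
 
 CDDL HEADER END -->
 
 
 <!--Entity Definitions-->
 
 <!-- timeattr or iso8601
 
 timeattr: the time/date to the second in strftime(3C) default format,
 followed by milliseconds offset.
 
 Example: time="Mon May 06 12:10:18 2002" msec="750"
 
 iso8601: ISO 8601 standard format date time and timezone; YYYY-MM-DD
 HH:MM:SS.sss +/-HH:MM; year, month, day 24 hour time with milliseconds + or
 - offset from Universal Time (UTC, aka GMT) Example:
 iso8601="2003-09-17 16:47:41.831 -07:00"
 
 --> <!ENTITY % timeattr "time CDATA #IMPLIED msec
 CDATA #IMPLIED">
 
 <!ENTITY % iso8601 "iso8601 CDATA #IMPLIED">
 
 <!-- xinfo Generic info for X related tokens. --> <!ENTITY % xinfo
 "xid CDATA #REQUIRED xcreator-uid CDATA #REQUIRED">
 
 <!-- reserved_toks
 
 This represents the set of "reserved" tokens whose placement is fixed.
 
 --> <!ENTITY % reserved_toks "( file |
 record | host | sequence
 ) ">
 
 <!-- normaltoks
 
 This represents the set of all tokens other than the "reserved" tokens.
 
 --> <!ENTITY % normaltoks "( acl |
 arbitrary | argument | attribute |
 cmd | exit | exec_args |
 exec_env | fmri | group
 | ip | ip_address |
 IPC | IPC_perm | ip_port
 | liaison | opaque |
 path | path_attr | privilege |
 process | return |
 sensitivity_label | old_socket | socket
 | subject | text |
 user | use_of_authorization |
 use_of_privilege | X_atom | X_client
 | X_color_map | X_cursor |
 X_font | X_graphic_context | X_pixmap
 | X_property | X_selection |
 X_window | zone ) ">
 
 <!--Element Definitions-->
 
 <!--
 
 The main element, "audit", consists of a sequence of file & record tokens.
 
 --> <!ELEMENT audit (file | record)*>
 
 <!-- file token --> <!ELEMENT file (#PCDATA)> <!ATTLIST file
 %iso8601;>
 
 
 <!-- record token
 
 Audit records will have this general layout of tokens after the first token
 (which is the record token):
 (tokens),subject,group,(tokens),return,sequence,host
 
 (all tokens after the record token are optional; the host token is unused.)
 
 --> <!ELEMENT record ( (%normaltoks;)*, sequence?,
 host? ) > <!ATTLIST record version CDATA #REQUIRED
 event CDATA #REQUIRED modifier CDATA #IMPLIED
 host CDATA #IMPLIED %iso8601; >
 
 <!-- text token --> <!ELEMENT text (#PCDATA)>
 
 <!-- user token --> <!ELEMENT user EMPTY> <!ATTLIST user uid
 CDATA #REQUIRED username CDATA #REQUIRED >
 
 <!-- path token --> <!ELEMENT path (#PCDATA)>
 
 <!-- path_attr token --> <!ELEMENT path_attr (xattr*)> <!ELEMENT xattr
 (#PCDATA)>
 
 <!-- host token --> <!ELEMENT host (#PCDATA)>
 
 <!-- subject token --> <!ELEMENT subject EMPTY> <!ATTLIST subject
 audit-uid CDATA #REQUIRED uid CDATA #REQUIRED gid
 CDATA #REQUIRED ruid CDATA #REQUIRED rgid CDATA
 #REQUIRED pid CDATA #REQUIRED sid CDATA
 #REQUIRED tid CDATA #REQUIRED >
 
 <!-- process token --> <!ELEMENT process EMPTY> <!ATTLIST process
 audit-uid CDATA #REQUIRED uid CDATA #REQUIRED gid
 CDATA #REQUIRED ruid CDATA #REQUIRED rgid CDATA
 #REQUIRED pid CDATA #REQUIRED sid CDATA
 #REQUIRED tid CDATA #REQUIRED >
 
 <!-- return token --> <!ELEMENT return EMPTY> <!ATTLIST return
 errval CDATA #REQUIRED retval CDATA #REQUIRED >
 
 <!-- exit token --> <!ELEMENT exit EMPTY> <!ATTLIST exit
 errval CDATA #REQUIRED retval CDATA #REQUIRED >
 
 <!-- sequence token --> <!ELEMENT sequence EMPTY> <!ATTLIST sequence
 seq-num CDATA #REQUIRED >
 
 <!-- fmri token --> <!ELEMENT fmri (#PCDATA)>
 
 <!-- group token --> <!ELEMENT group (gid)*> <!ELEMENT gid
 (#PCDATA)>
 
 <!-- opaque token --> <!ELEMENT opaque (#PCDATA)>
 
 <!-- liaison token --> <!-- (NOTE: liaison is obsolete and is no longer
 generated --> <!ELEMENT liaison (#PCDATA)>
 
 <!-- argument token --> <!ELEMENT argument EMPTY> <!ATTLIST argument
 arg-num CDATA #REQUIRED value CDATA #REQUIRED
 desc CDATA #REQUIRED >
 
 <!-- attribute token --> <!ELEMENT attribute EMPTY> <!ATTLIST attribute
 mode CDATA #REQUIRED uid CDATA #REQUIRED gid
 CDATA #REQUIRED fsid CDATA #REQUIRED nodeid
 CDATA #REQUIRED device CDATA #REQUIRED >
 
 <!-- cmd token --> <!ELEMENT cmd (argv*, arge*)> <!ELEMENT argv
 (#PCDATA)> <!ELEMENT arge (#PCDATA)>
 
 <!-- exec_args token --> <!ELEMENT exec_args (arg*)> <!ELEMENT arg
 (#PCDATA)>
 
 <!-- exec_env token --> <!ELEMENT exec_env (env*)> <!ELEMENT env
 (#PCDATA)>
 
 <!-- arbitrary token --> <!ELEMENT arbitrary (#PCDATA)> <!ATTLIST
 arbitrary print CDATA #REQUIRED type CDATA
 #REQUIRED count CDATA #REQUIRED >
 
 <!-- privilege token --> <!ELEMENT privilege (#PCDATA)> <!ATTLIST
 privilege set-type CDATA #REQUIRED >
 
+<!-- secflags token --> <!ELEMENT secflags (#PCDATA)> <!ATTLIST
+secflags set-type CDATA #REQUIRED >
+
+
 <!-- use_of_privilege token --> <!ELEMENT use_of_privilege (#PCDATA)>
 <!ATTLIST use_of_privilege result CDATA #REQUIRED >
 
 <!-- sensitivity_label token --> <!ELEMENT sensitivity_label (#PCDATA)>
 
 <!-- use_of_authorization token --> <!ELEMENT use_of_authorization
 (#PCDATA)>
 
 <!-- IPC token --> <!ELEMENT IPC EMPTY> <!ATTLIST IPC
 ipc-type CDATA #REQUIRED ipc-id CDATA #REQUIRED >
 
 <!-- IPC_perm token --> <!ELEMENT IPC_perm EMPTY> <!ATTLIST IPC_perm
 uid CDATA #REQUIRED gid CDATA #REQUIRED creator-
 uid CDATA #REQUIRED creator-gid CDATA #REQUIRED mode
 CDATA #REQUIRED seq CDATA #REQUIRED key CDATA
 #REQUIRED >
 
 <!-- ip_address token --> <!ELEMENT ip_address (#PCDATA)>
 
 <!-- ip_port token --> <!-- (NOTE: ip_port is obsolete and is no longer
 generated --> <!ELEMENT ip_port (#PCDATA)>
 
 <!-- ip token --> <!-- (NOTE: ip is obsolete and is no longer generated -->
 <!ELEMENT ip EMPTY> <!ATTLIST ip version CDATA
 #REQUIRED service_type CDATA #REQUIRED len CDATA
 #REQUIRED id CDATA #REQUIRED offset CDATA
 #REQUIRED time_to_live CDATA #REQUIRED protocol CDATA
 #REQUIRED cksum CDATA #REQUIRED src_addr CDATA
 #REQUIRED dest_addr CDATA #REQUIRED >
 
 <!-- old_socket token --> <!ELEMENT old_socket EMPTY> <!ATTLIST
 old_socket type CDATA #REQUIRED port CDATA
 #REQUIRED addr CDATA #REQUIRED >
 
 <!-- socket token --> <!ELEMENT socket EMPTY> <!ATTLIST socket
 sock_domain CDATA #REQUIRED sock_type CDATA #REQUIRED
 lport CDATA #REQUIRED laddr CDATA #REQUIRED
 fport CDATA #REQUIRED faddr CDATA #REQUIRED >
 
 <!-- acl token --> <!ELEMENT acl EMPTY> <!ATTLIST acl
 type CDATA #IMPLIED value CDATA #IMPLIED
 mode CDATA #IMPLIED flags CDATA #IMPLIED id
 CDATA #IMPLIED access_mask CDATA #IMPLIED >
 
 <!-- tid token --> <!-- future intent: contain one of ipadr | MTUadr | device
 --> <!ELEMENT tid (ipadr*)> <!ATTLIST tid type CDATA
 #REQUIRED >
 
 <!-- ipadr content of tid token --> <!ELEMENT ipadr EMPTY>
 <!ATTLIST ipadr local-port CDATA #REQUIRED remote-port
 CDATA #REQUIRED host CDATA #REQUIRED >
 
 <!-- X_atom token --> <!ELEMENT X_atom (#PCDATA)>
 
 <!-- X_color_map token --> <!ELEMENT X_color_map EMPTY> <!ATTLIST
 X_color_map %xinfo;>
 
 <!-- X_cursor token --> <!ELEMENT X_cursor EMPTY> <!ATTLIST X_cursor
 %xinfo;>
 
 <!-- X_font token --> <!ELEMENT X_font EMPTY> <!ATTLIST X_font
 %xinfo;>
 
 <!-- X_graphic_context token --> <!ELEMENT X_graphic_context EMPTY>
 <!ATTLIST X_graphic_context %xinfo;>
 
 <!-- X_pixmap token --> <!ELEMENT X_pixmap EMPTY> <!ATTLIST X_pixmap
 %xinfo;>
 
 <!-- X_window token --> <!ELEMENT X_window EMPTY> <!ATTLIST X_window
 %xinfo;>
 
 <!-- X_property token --> <!ELEMENT X_property (#PCDATA)> <!ATTLIST
 X_property %xinfo;>
 
 <!-- X_client token --> <!ELEMENT X_client (#PCDATA)>
 
 <!-- X_selection token --> <!ELEMENT X_selection (xsel_text, xsel_type,
 xsel_data)> <!ELEMENT x_sel_text (#PCDATA)> <!ELEMENT x_sel_type
 (#PCDATA)> <!ELEMENT x_sel_data (#PCDATA)>
 
 <!-- zonename token --> <!ELEMENT zone EMPTY> <!ATTLIST zone
 name CDATA #REQUIRED >
 
 
 
 June 2, 2016 ()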
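Review bot: The new `secflags` element declared at new lines 176-177 is not added to the `%normaltoks;` entity (lines 65-81), so the `record` content model `( (%normaltoks;)*, sequence?, host? )` still has no slot for it and a validating parser will reject any audit record that actually carries a secflags token; this also means a consumer validating audit XML against this DTD cannot rely on the new per-process mitigation state being present. The entity list should gain the new name next to the token it mirrors, e.g. change line 72 to `path | path_attr | privilege | secflags |`. Whether this .man.txt is hand-edited or rendered from the adt_record.dtd.1 source is not visible here; if it is rendered, the fix belongs in the source DTD and this file should be regenerated rather than edited. The two trailing blank lines added after the new `ATTLIST` (new lines 178-179) double the single-blank-line spacing used between every other token and are presumably unintentional.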