Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
*** 128,140 ****
<!ELEMENT admin EMPTY>
<!ATTLIST admin user CDATA #REQUIRED
auths CDATA #REQUIRED>
<!ELEMENT zone (filesystem | inherited-pkg-dir | network | device |
deleted-device | rctl | attr | dataset | package | patch | dev-
! perm | tmp_pool | pset | mcap | admin)*>
<!ATTLIST zone name CDATA #REQUIRED zonepath CDATA
#REQUIRED autoboot (true | false) #REQUIRED ip-
type CDATA "" hostid CDATA "" pool
CDATA "" limitpriv CDATA "" bootargs CDATA ""
--- 128,145 ----
<!ELEMENT admin EMPTY>
<!ATTLIST admin user CDATA #REQUIRED
auths CDATA #REQUIRED>
+ <!ELEMENT security-flags EMPTY>
+
+ <!ATTLIST security-flags default CDATA "" lower
+ CDATA "" upper CDATA "">
+
<!ELEMENT zone (filesystem | inherited-pkg-dir | network | device |
deleted-device | rctl | attr | dataset | package | patch | dev-
! perm | tmp_pool | pset | mcap | admin | security-flags)*>
<!ATTLIST zone name CDATA #REQUIRED zonepath CDATA
#REQUIRED autoboot (true | false) #REQUIRED ip-
type CDATA "" hostid CDATA "" pool
CDATA "" limitpriv CDATA "" bootargs CDATA ""