7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.


 113 of at the pset level.  Once we have msets this    will be important since tmp
 114 psets and tmp msets will share a common      pool-level importance.  -->
 115 <!ELEMENT tmp_pool  EMPTY>
 116 
 117 <!ATTLIST tmp_pool  importance          CDATA #REQUIRED>
 118 
 119 <!ELEMENT pset           EMPTY>
 120 
 121 <!ATTLIST pset           ncpu_min  CDATA #REQUIRED               ncpu_max  CDATA
 122 #REQUIRED>
 123 
 124 <!ELEMENT mcap           EMPTY>
 125 
 126 <!ATTLIST mcap           physcap        CDATA #REQUIRED>
 127 
 128 <!ELEMENT admin          EMPTY>
 129 
 130 <!ATTLIST admin               user      CDATA #REQUIRED
 131                          auths          CDATA #REQUIRED>
 132 





 133 <!ELEMENT zone           (filesystem | inherited-pkg-dir | network | device |
 134                deleted-device | rctl | attr | dataset | package |               patch | dev-
 135 perm | tmp_pool | pset |                mcap | admin)*>
 136 
 137 <!ATTLIST zone           name      CDATA #REQUIRED               zonepath  CDATA
 138 #REQUIRED                autoboot  (true | false) #REQUIRED                ip-
 139 type      CDATA ""            hostid         CDATA ""            pool
 140           CDATA ""            limitpriv CDATA ""            bootargs  CDATA ""
 141                brand          CDATA ""            scheduling-class    CDATA ""            fs-
 142 allowed   CDATA ""            version        NMTOKEN #FIXED '1'>
 143 
 144 
 145 
 146                                  June 2, 2016                               ()


 113 of at the pset level.  Once we have msets this    will be important since tmp
 114 psets and tmp msets will share a common      pool-level importance.  -->
 115 <!ELEMENT tmp_pool  EMPTY>
 116 
 117 <!ATTLIST tmp_pool  importance          CDATA #REQUIRED>
 118 
 119 <!ELEMENT pset           EMPTY>
 120 
 121 <!ATTLIST pset           ncpu_min  CDATA #REQUIRED               ncpu_max  CDATA
 122 #REQUIRED>
 123 
 124 <!ELEMENT mcap           EMPTY>
 125 
 126 <!ATTLIST mcap           physcap        CDATA #REQUIRED>
 127 
 128 <!ELEMENT admin          EMPTY>
 129 
 130 <!ATTLIST admin               user      CDATA #REQUIRED
 131                          auths          CDATA #REQUIRED>
 132 
 133 <!ELEMENT security-flags      EMPTY>
 134 
 135 <!ATTLIST security-flags      default             CDATA ""            lower
 136           CDATA ""            upper          CDATA "">
 137 
 138 <!ELEMENT zone           (filesystem | inherited-pkg-dir | network | device |
 139                deleted-device | rctl | attr | dataset | package |               patch | dev-
 140 perm | tmp_pool | pset |                mcap | admin | security-flags)*>
 141 
 142 <!ATTLIST zone           name      CDATA #REQUIRED               zonepath  CDATA
 143 #REQUIRED                autoboot  (true | false) #REQUIRED                ip-
 144 type      CDATA ""            hostid         CDATA ""            pool
 145           CDATA ""            limitpriv CDATA ""            bootargs  CDATA ""
 146                brand          CDATA ""            scheduling-class    CDATA ""            fs-
 147 allowed   CDATA ""            version        NMTOKEN #FIXED '1'>
 148 
 149 
 150 
 151                                  June 2, 2016                               ()
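Review bot: The new `security-flags` element (new lines 133-136) has no comment, unlike `tmp_pool`, whose explanatory comment ends at line 114, so nothing in the DTD says what `default`, `lower` and `upper` hold or what an empty value means. All three attributes default to `""`, and for an exploit-mitigation setting it matters whether an empty value means "use the system-wide setting" or "no flags set"; that should be stated here, since it decides what protection a zone gets when the element is omitted. Because the `zone` content model is `(... | security-flags)*`, the DTD also accepts more than one `security-flags` element, so the consumer presumably has to reject duplicates or define which one wins. I would add a comment above the element, e.g. `<!-- security-flags: default, lower and upper security-flag sets for the zone; an empty value means <documented behaviour>; at most one element per zone -->`.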