7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.

@@ -128,13 +128,18 @@
 <!ELEMENT admin     EMPTY>
 
 <!ATTLIST admin          user      CDATA #REQUIRED
                          auths          CDATA #REQUIRED>
 
+<!ELEMENT security-flags      EMPTY>
+
+<!ATTLIST security-flags      default        CDATA ""            lower
+          CDATA ""            upper          CDATA "">
+
 <!ELEMENT zone      (filesystem | inherited-pkg-dir | network | device |
                deleted-device | rctl | attr | dataset | package |               patch | dev-
-perm | tmp_pool | pset |                mcap | admin)*>
+perm | tmp_pool | pset |                mcap | admin | security-flags)*>
 
 <!ATTLIST zone      name      CDATA #REQUIRED               zonepath  CDATA
 #REQUIRED                autoboot  (true | false) #REQUIRED                ip-
 type      CDATA ""            hostid         CDATA ""            pool
           CDATA ""            limitpriv CDATA ""            bootargs  CDATA ""