secflag-zone-defaults Wdiff usr/src/cmd/svc/milestone/process-security.xml

Print this page

smf: switch to a tri-state for process-security properties true=on,false=off,nil=default

Split	Close
Expand all
Collapse all

          --- old/usr/src/cmd/svc/milestone/process-security.xml
          +++ new/usr/src/cmd/svc/milestone/process-security.xml

   1    1  <?xml version='1.0'?>
   2    2  <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
   3    3  
   4    4  <!--
   5    5   Copyright 2015, Richard Lowe.
   6    6  
   7    7   CDDL HEADER START
   8    8  
   9    9   This file and its contents are supplied under the terms of the
  10   10   Common Development and Distribution License ("CDDL"), version 1.0.
  11   11   You may only use this file in accordance with the terms of version
  12   12   1.0 of the CDDL.
  13   13  
  14   14   A full copy of the text of the CDDL should have accompanied this
  15   15   source.  A copy of the CDDL is also available via the Internet at
  16   16   http://www.illumos.org/license/CDDL.
  17   17  
  18   18   CDDL HEADER END
  19   19  
  20   20          NOTE:  This service manifest is not editable; its contents will
  21   21          be overwritten by package or patch operations, including
  22   22          operating system upgrade.  Make customizations in a different
  23   23          file.
  24   24  -->
  25   25  
  26   26  <service_bundle type="manifest" name="process-security">
  27   27          <service name="system/process-security" type="service" version="1">
  28   28                  <!-- Initial state of the service is disabled -->
  29   29                  <create_default_instance enabled="false" />
  30   30  
  31   31                  <single_instance />
  32   32  
  33   33                  <!-- We don't actually have any methods, but we create a

↓ open down ↓

33 lines elided

↑ open up ↑

  34   34                       default instance so that we show up in svcs -a -->
  35   35  
  36   36                  <exec_method type="method" name="start" exec=":true" timeout_seconds="0"/>
  37   37                  <exec_method type="method" name="stop" exec=":true" timeout_seconds="30"/>
  38   38  
  39   39                  <property_group name='startd' type='framework'>
  40   40                    <propval name='duration' type='astring' value='transient' />
  41   41                  </property_group>
  42   42  
  43   43                  <property_group name='default' type='application'>
  44      -                  <propval name='aslr' type='boolean' value='false' />
  45      -                  <propval name='forbidnullmap' type='boolean' value='false' />
  46      -                  <propval name='noexecstack' type='boolean' value='false' />
       44 +                  <property name='aslr' type='boolean' />
       45 +                  <property name='forbidnullmap' type='boolean' />
       46 +                  <property name='noexecstack' type='boolean' />
  47   47  
  48   48                    <propval name='value_authorization' type='astring'
  49   49                             value='solaris.smf.value.process-security' />
  50   50                  </property_group>
  51   51  
  52   52                  <property_group name='lower' type='application'>
  53      -                  <propval name='aslr' type='boolean' value='false' />
  54      -                  <propval name='forbidnullmap' type='boolean' value='false' />
  55      -                  <propval name='noexecstack' type='boolean' value='false' />
       53 +                  <property name='aslr' type='boolean' />
       54 +                  <property name='forbidnullmap' type='boolean' />
       55 +                  <property name='noexecstack' type='boolean' />
  56   56  
  57   57                    <propval name='value_authorization' type='astring'
  58   58                             value='solaris.smf.value.process-security' />
  59   59                  </property_group>
  60   60  
  61   61                  <property_group name='upper' type='application'>
  62      -                  <propval name='aslr' type='boolean' value='true' />
  63      -                  <propval name='forbidnullmap' type='boolean' value='true' />
  64      -                  <propval name='noexecstack' type='boolean' value='true' />
       62 +                  <property name='aslr' type='boolean' />
       63 +                  <property name='forbidnullmap' type='boolean' />
       64 +                  <property name='noexecstack' type='boolean' />
  65   65  
  66   66                    <propval name='value_authorization' type='astring'
  67   67                             value='solaris.smf.value.process-security' />
  68   68                  </property_group>
  69   69  
  70   70  
  71   71  
  72   72                  <stability value="Unstable" />
  73   73  
  74   74                  <template>

  75   75                          <common_name>
  76   76                                  <loctext xml:lang='C'>Security Flag Configuration</loctext>
  77   77                          </common_name>
  78   78                          <documentation>
  79   79                                  <manpage title='security-flags' section='5'
  80   80                                           manpath='/usr/share/man' />
  81   81                                  <manpage title='psecflags' section='1'
  82   82                                           manpath='/usr/share/man' />
  83   83                          </documentation>
  84   84                  </template>
  85   85          </service>
  86   86  </service_bundle>

↓ open down ↓

12 lines elided

↑ open up ↑

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX