authorJerry Jelinek <jerry.jelinek@joyent.com>2016-10-17 13:02:40 +0000
committerJerry Jelinek <jerry.jelinek@joyent.com>2016-10-17 13:02:40 +0000
commit59a59b276f274cff7e883bcc3e10c162cfb3a263 (patch)
tree59b25df56be42eb7c8aae7cb02d6f1d39ec61b15 /usr/src/lib/libproc/common/Pcontrol.c
parent8259b03da3b4ab815c3b6180f813fcfd57984470 (diff)
parentd2a70789f056fc6c9ce3ab047b52126d80b0e3da (diff)
[illumos-gate merge]
commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da 7029 want per-process exploit mitigation features (secflags) 7030 want basic address space layout randomization (ASLR) 7031 noexec_user_stack should be a security-flag 7032 want a means to forbid mappings around NULL commit 8ab1c3f559468e655c4eb8acce993320403dd72b 7469 loader should use acpica provided by OS commit a1964bdd47804c37e09db1a79c23937c9aeac165 7470 acpi build sometimes doesn't descend into SUBDIRS commit abf99a006172ea5aab2246bda23f9d6d935bf1ad 7420 signalfd deadlock on pollwakeup 7421 panic in signalfd Conflicts: usr/src/cmd/sgs/libconv/common/corenote.c usr/src/cmd/zonecfg/zonecfg.c usr/src/cmd/zonecfg/zonecfg.h usr/src/cmd/zonecfg/zonecfg_grammar.y usr/src/cmd/zonecfg/zonecfg_lex.l usr/src/head/libzonecfg.h usr/src/lib/libzonecfg/common/libzonecfg.c usr/src/man/man1m/zonecfg.1m usr/src/man/man4/proc.4 usr/src/pkg/manifests/system-test-ostest.mf usr/src/test/os-tests/tests/Makefile usr/src/uts/common/exec/elf/elf.c usr/src/uts/common/io/signalfd.c usr/src/uts/common/os/sysent.c usr/src/uts/common/os/zone.c usr/src/uts/common/sys/proc.h usr/src/uts/common/sys/zone.h
Diffstat (limited to 'usr/src/lib/libproc/common/Pcontrol.c')
-rw-r--r--usr/src/lib/libproc/common/Pcontrol.c75
1 files changed, 53 insertions, 22 deletions
diff --git a/usr/src/lib/libproc/common/Pcontrol.c b/usr/src/lib/libproc/common/Pcontrol.c
index f9b1d9755b..f18d4cefd8 100644
--- a/usr/src/lib/libproc/common/Pcontrol.c
+++ b/usr/src/lib/libproc/common/Pcontrol.c
@@ -54,6 +54,7 @@
#include <sys/syscall.h>
#include <sys/sysmacros.h>
#include <sys/systeminfo.h>
+#include <sys/secflags.h>
#include "libproc.h"
#include "Pcontrol.h"
@@ -176,6 +177,13 @@ Pcred_live(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
return (proc_get_cred(P->pid, pcrp, ngroups));
}
+/* ARGSUSED */
+static int
+Psecflags_live(struct ps_prochandle *P, prsecflags_t **psf, void *data)
+{
+ return (proc_get_secflags(P->pid, psf));
+}
+
/*ARGSUSED*/
static int
Ppriv_live(struct ps_prochandle *P, prpriv_t **pprv, void *data)
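Review bot: The lint directive above Psecflags_live is spelled `/* ARGSUSED */`, while Ppriv_live directly below it uses `/*ARGSUSED*/`; use the unspaced form so the file stays consistent and a search for the directive finds every site. Psecflags_live also passes `psf` straight to proc_get_secflags without saying who owns the result. A one-line comment such as `/* on success *psf is allocated; release with Psecflags_free() */` would record that, assuming this is proc_get_secflags's contract, which is not visible in this diff.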
@@ -326,6 +334,7 @@ static const ps_ops_t P_live_ops = {
.pop_uname = Puname_live,
.pop_zonename = Pzonename_live,
.pop_execname = Pexecname_live,
+ .pop_secflags = Psecflags_live,
#if defined(__i386) || defined(__amd64)
.pop_ldt = Pldt_live
#endif
@@ -424,11 +433,11 @@ dupfd(int fd, int dfd)
*/
struct ps_prochandle *
Pxcreate(const char *file, /* executable file name */
- char *const *argv, /* argument vector */
- char *const *envp, /* environment */
- int *perr, /* pointer to error return code */
- char *path, /* if non-null, holds exec path name on return */
- size_t len) /* size of the path buffer */
+ char *const *argv, /* argument vector */
+ char *const *envp, /* environment */
+ int *perr, /* pointer to error return code */
+ char *path, /* if non-null, holds exec path name on return */
+ size_t len) /* size of the path buffer */
{
char execpath[PATH_MAX];
char procname[PATH_MAX];
@@ -1299,6 +1308,28 @@ Pcred(struct ps_prochandle *P, prcred_t *pcrp, int ngroups)
return (P->ops.pop_cred(P, pcrp, ngroups, P->data));
}
+/* Return an allocated prsecflags_t */
+int
+Psecflags(struct ps_prochandle *P, prsecflags_t **psf)
+{
+ int ret;
+
+ if ((ret = P->ops.pop_secflags(P, psf, P->data)) == 0) {
+ if ((*psf)->pr_version != PRSECFLAGS_VERSION_1) {
+ errno = EINVAL;
+ return (-1);
+ }
+ }
+
+ return (ret);
+}
+
+void
+Psecflags_free(prsecflags_t *psf)
+{
+ free(psf);
+}
+
static prheader_t *
Plstatus(struct ps_prochandle *P)
{
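Review bot: In Psecflags the version-mismatch branch returns -1 with errno set to EINVAL but leaves `*psf` pointing at the structure pop_secflags just returned. A caller that frees only on success leaks it, and a caller that ignores the return value reads security flags from a layout this library does not recognise. Release and clear it before failing, with `free(*psf);` and `*psf = NULL;` ahead of `errno = EINVAL;` (that pop_secflags allocates is inferred from the header comment and from Psecflags_free). The header comment should state the contract, e.g. `/* Returns 0 and stores an allocated prsecflags_t in *psf, to be released with Psecflags_free(); fails with EINVAL on an unknown pr_version. */`. Psecflags_free has no comment; one line saying it takes the pointer produced by Psecflags would be enough.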
@@ -1804,8 +1835,8 @@ prdump(struct ps_prochandle *P)
*/
int
Pstopstatus(struct ps_prochandle *P,
- long request, /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
- uint_t msec) /* if non-zero, timeout in milliseconds */
+ long request, /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
+ uint_t msec) /* if non-zero, timeout in milliseconds */
{
int ctlfd = (P->agentctlfd >= 0)? P->agentctlfd : P->ctlfd;
long ctl[3];
@@ -2070,8 +2101,8 @@ Pputareg(struct ps_prochandle *P, int regno, prgreg_t reg)
int
Psetrun(struct ps_prochandle *P,
- int sig, /* signal to pass to process */
- int flags) /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
+ int sig, /* signal to pass to process */
+ int flags) /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
{
int ctlfd = (P->agentctlfd >= 0) ? P->agentctlfd : P->ctlfd;
int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);
@@ -2146,18 +2177,18 @@ Psetrun(struct ps_prochandle *P,
ssize_t
Pread(struct ps_prochandle *P,
- void *buf, /* caller's buffer */
- size_t nbyte, /* number of bytes to read */
- uintptr_t address) /* address in process */
+ void *buf, /* caller's buffer */
+ size_t nbyte, /* number of bytes to read */
+ uintptr_t address) /* address in process */
{
return (P->ops.pop_pread(P, buf, nbyte, address, P->data));
}
ssize_t
Pread_string(struct ps_prochandle *P,
- char *buf, /* caller's buffer */
- size_t size, /* upper limit on bytes to read */
- uintptr_t addr) /* address in process */
+ char *buf, /* caller's buffer */
+ size_t size, /* upper limit on bytes to read */
+ uintptr_t addr) /* address in process */
{
enum { STRSZ = 40 };
char string[STRSZ + 1];
@@ -2193,9 +2224,9 @@ Pread_string(struct ps_prochandle *P,
ssize_t
Pwrite(struct ps_prochandle *P,
- const void *buf, /* caller's buffer */
- size_t nbyte, /* number of bytes to write */
- uintptr_t address) /* address in process */
+ const void *buf, /* caller's buffer */
+ size_t nbyte, /* number of bytes to write */
+ uintptr_t address) /* address in process */
{
return (P->ops.pop_pwrite(P, buf, nbyte, address, P->data));
}
@@ -3402,8 +3433,8 @@ Lsync(struct ps_lwphandle *L)
*/
static int
Lstopstatus(struct ps_lwphandle *L,
- long request, /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
- uint_t msec) /* if non-zero, timeout in milliseconds */
+ long request, /* PCNULL, PCDSTOP, PCSTOP, PCWSTOP */
+ uint_t msec) /* if non-zero, timeout in milliseconds */
{
int ctlfd = L->lwp_ctlfd;
long ctl[3];
@@ -3603,8 +3634,8 @@ Lputareg(struct ps_lwphandle *L, int regno, prgreg_t reg)
int
Lsetrun(struct ps_lwphandle *L,
- int sig, /* signal to pass to LWP */
- int flags) /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
+ int sig, /* signal to pass to LWP */
+ int flags) /* PRSTEP|PRSABORT|PRSTOP|PRCSIG|PRCFAULT */
{
int ctlfd = L->lwp_ctlfd;
int sbits = (PR_DSTOP | PR_ISTOP | PR_ASLEEP);