diff options
| author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2016-10-17 13:02:40 +0000 |
|---|---|---|
| committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2016-10-17 13:02:40 +0000 |
| commit | 59a59b276f274cff7e883bcc3e10c162cfb3a263 (patch) | |
| tree | 59b25df56be42eb7c8aae7cb02d6f1d39ec61b15 /usr/src/lib/librestart/common/librestart.h | |
| parent | 8259b03da3b4ab815c3b6180f813fcfd57984470 (diff) | |
| parent | d2a70789f056fc6c9ce3ab047b52126d80b0e3da (diff) | |
| download | illumos-joyent-59a59b276f274cff7e883bcc3e10c162cfb3a263.tar.gz | |
[illumos-gate merge]
commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (ASLR)
7031 noexec_user_stack should be a security-flag
7032 want a means to forbid mappings around NULL
commit 8ab1c3f559468e655c4eb8acce993320403dd72b
7469 loader should use acpica provided by OS
commit a1964bdd47804c37e09db1a79c23937c9aeac165
7470 acpi build sometimes doesn't descend into SUBDIRS
commit abf99a006172ea5aab2246bda23f9d6d935bf1ad
7420 signalfd deadlock on pollwakeup
7421 panic in signalfd
Conflicts:
usr/src/cmd/sgs/libconv/common/corenote.c
usr/src/cmd/zonecfg/zonecfg.c
usr/src/cmd/zonecfg/zonecfg.h
usr/src/cmd/zonecfg/zonecfg_grammar.y
usr/src/cmd/zonecfg/zonecfg_lex.l
usr/src/head/libzonecfg.h
usr/src/lib/libzonecfg/common/libzonecfg.c
usr/src/man/man1m/zonecfg.1m
usr/src/man/man4/proc.4
usr/src/pkg/manifests/system-test-ostest.mf
usr/src/test/os-tests/tests/Makefile
usr/src/uts/common/exec/elf/elf.c
usr/src/uts/common/io/signalfd.c
usr/src/uts/common/os/sysent.c
usr/src/uts/common/os/zone.c
usr/src/uts/common/sys/proc.h
usr/src/uts/common/sys/zone.h
Diffstat (limited to 'usr/src/lib/librestart/common/librestart.h')
| -rw-r--r-- | usr/src/lib/librestart/common/librestart.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr/src/lib/librestart/common/librestart.h b/usr/src/lib/librestart/common/librestart.h index f5c247b7f1..9697c87db3 100644 --- a/usr/src/lib/librestart/common/librestart.h +++ b/usr/src/lib/librestart/common/librestart.h @@ -32,6 +32,7 @@ #include <priv.h> #include <pwd.h> #include <sys/types.h> +#include <sys/secflags.h> #ifdef __cplusplus extern "C" { @@ -265,7 +266,7 @@ int restarter_remove_contract(scf_instance_t *, ctid_t, ssize_t restarter_state_to_string(restarter_instance_state_t, char *, size_t); restarter_instance_state_t restarter_string_to_state(char *); -#define RESTARTER_METHOD_CONTEXT_VERSION 7 +#define RESTARTER_METHOD_CONTEXT_VERSION 8 struct method_context { /* Stable */ @@ -273,6 +274,8 @@ struct method_context { gid_t gid, egid; int ngroups; /* -1 means use initgroups(). */ gid_t groups[NGROUPS_MAX]; + scf_secflags_t def_secflags; + secflagdelta_t secflag_delta; priv_set_t *lpriv_set, *priv_set; char *corefile_pattern; /* Optional. */ char *project; /* NULL for no change */ |