author | chris <chris@FreeBSD.org> | 2002-12-05 00:05:38 +0000 |
---|---|---|
committer | chris <chris@FreeBSD.org> | 2002-12-05 00:05:38 +0000 |
commit | b7154336a2e44c5cc155547003e3a761754f9bc4 (patch) | |
tree | 6011355b28ad96a0f07ddb38f695bfa878c9aeb3 | |
parent | adb9b4e9bec41e599dafb4a1adc720a9e55cf10b (diff) | |
Document the following MAC policies:
o Biba: A data integrity policy
o BSD Extended: Support for the firewall-like access controls (ugidfw(8))
o MLS: Multi-level security, a confidentiality policy
(These files originally lived in src/share/man/man9)
Approved by: re (blanket)
Sponsored by: DARPA, Network Associates Labs
Obtained from: TrustedBSD Project
-rw-r--r-- | share/man/man4/Makefile | 3 | ||||
-rw-r--r-- | share/man/man4/mac_biba.4 (renamed from share/man/man9/mac_biba.9) | 12 | ||||
-rw-r--r-- | share/man/man4/mac_bsdextended.4 (renamed from share/man/man9/mac_bsdextended.9) | 2 | ||||
-rw-r--r-- | share/man/man4/mac_mls.4 (renamed from share/man/man9/mac_mls.9) | 10 | ||||
-rw-r--r-- | share/man/man9/Makefile | 2 |
5 files changed, 16 insertions, 13 deletions
diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 808acd1..1fe8ba3 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -95,6 +95,9 @@ MAN= aac.4 \ mem.4 \ mlx.4 \ mly.4 \ + mac_biba.4 \ + mac_bsdextended.4 \ + mac_mls.4 \ mouse.4 \ mtio.4 \ natm.4 \ diff --git a/share/man/man9/mac_biba.9 b/share/man/man4/mac_biba.4 index b301bdf..3d2dc6f 100644 --- a/share/man/man9/mac_biba.9 +++ b/share/man/man4/mac_biba.4 @@ -31,7 +31,7 @@ .\" $FreeBSD$ .Dd NOVEMBER 18, 2002 .Os -.Dt MAC_BIBA 9 +.Dt MAC_BIBA 4 .Sh NAME .Nm mac_biba .Nd Biba data integrity policy @@ -149,7 +149,7 @@ In traditional trusted operating systems, the Biba integrity model is used to protect the Trusted Code Base (TCB). .Pp The Biba integrity model is similar to -.Xr LOMAC 9 , +.Xr lomac 4 , with the exception that LOMAC permits access by a higher integrity subject to a lower integrity object, but downgrades the integrity level of the subject to prevent integrity rules from being violated. @@ -157,16 +157,16 @@ Biba is a fixed label policy in that all subject and object label changes are explicit, whereas LOMAC is a floating label policy. .Pp The Biba integrity model is also similar to -.Xr mac_mls 9 , +.Xr mac_mls 4 , with the exception that the dominance operator and access rules are reversed, preventing the downward flow of information rather than the upward flow of information. Multi-Level Security (MLS) protects the confentiality, rather than the integrity, of subjects and objects. .Sh SEE ALSO -.Xr LOMAC 9 , -.Xr mac 9 , -.Xr mac_mls 9 +.Xr LOMAC 4 , +.Xr mac_mls 4 , +.Xr mac 9 .Sh HISTORY The .Nm diff --git a/share/man/man9/mac_bsdextended.9 b/share/man/man4/mac_bsdextended.4 index ec76d97..03bc34a 100644 --- a/share/man/man9/mac_bsdextended.9 +++ b/share/man/man4/mac_bsdextended.4 @@ -34,7 +34,7 @@ .\" $FreeBSD$ .Dd OCTOBER 16, 2002 .Os -.Dt MAC_BSDEXTENDED 9 +.Dt MAC_BSDEXTENDED 4 .Sh NAME .Nm mac_bsdextended .Nd subject-object interaction rules policy 
diff --git a/share/man/man9/mac_mls.9 b/share/man/man4/mac_mls.4 index 15ffba8..306070d 100644 --- a/share/man/man9/mac_mls.9 +++ b/share/man/man4/mac_mls.4 @@ -31,7 +31,7 @@ .\" $FreeBSD$ .Dd DECEMBER 1, 2002 .Os -.Dt MAC_MLS 9 +.Dt MAC_MLS 4 .Sh NAME .Nm mac_mls .Nd Multi-Level Security confidentiality policy @@ -119,7 +119,7 @@ accidental or malicious leaking of information, and subjects of lower clearance from observing subjects of higher clearance altogether. In traditional trusted operating systems, the MLS confidentiality model is used in concert with the Biba integrity model -.Xr ( mac_biba 9 ) +.Xr ( mac_biba 4 ) in order to protect the Trusted Code Base (TCB). .Ss Label Format Almost all system objects are tagged with a single, active label element, @@ -167,14 +167,14 @@ the interface. Currently, the .Nm policy relies on superuser status -.Xr ( suser_cred 9 ) +.Xr ( suser 9 ) in order to change network interface MLS labels. This will eventually go away, but it is currently a liability and may allow the superuser to bypass MLS protections. .Sh SEE ALSO .Xr maclabel 7 , -.Xr mac 9 , -.Xr mac_biba 9 +.Xr mac_biba 4 , +.Xr mac 9 .Sh HISTORY The .Nm diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile index 8451c74..7abdb28 100644 --- a/share/man/man9/Makefile +++ b/share/man/man9/Makefile @@ -48,7 +48,7 @@ MAN= BUF_LOCK.9 BUF_LOCKFREE.9 BUF_LOCKINIT.9 BUF_REFCNT.9 \ jumbo.9 \ kernacc.9 kobj.9 kthread.9 ktr.9 \ lock.9 \ - mac.9 mac_biba.9 mac_bsdextended.9 mac_mls.9 \ + mac.9 \ make_dev.9 malloc.9 mbchain.9 mbuf.9 mdchain.9 \ mi_switch.9 microseq.9 microtime.9 microuptime.9 \ module.9 mtx_pool.9 mutex.9 \ |
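Review bot: In the share/man/man4/Makefile hunk (@@ -95,6 +95,9) the three new entries are inserted after mly.4 and before mouse.4, which breaks the alphabetical order the visible part of the MAN list follows (mem.4, mlx.4, mly.4, mouse.4, mtio.4). mac_biba.4, mac_bsdextended.4 and mac_mls.4 sort ahead of mem.4, so they should move up to the point in the list where the other "ma" entries sit.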
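Review bot: The LOMAC cross-reference in mac_biba.4 ends up spelled two ways. The body hunk at @@ -149,7 changes it to ".Xr lomac 4", while the SEE ALSO hunk at @@ -157,16 keeps the uppercase form as ".Xr LOMAC 4". Both should use whichever spelling matches the installed page name, presumably the lowercase one chosen in the body. While this paragraph is being touched, the unchanged context line "protects the confentiality, rather than the integrity" has a typo ("confidentiality") that could be fixed in the same pass.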
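Review bot: The mac_mls.4 hunk at @@ -167,14 replaces ".Xr ( suser_cred 9 )" with ".Xr ( suser 9 )", which changes the kernel interface being referenced rather than just the manual section, and the commit message only describes moving the pages from man9 to man4. Since the surrounding sentence documents a known weakness ("may allow the superuser to bypass MLS protections"), the reference should name the privilege check the policy actually relies on when changing network interface MLS labels. Either confirm that against the policy source and say so in the log, or split this substitution into its own commit.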