diff options
author | kevlo <kevlo@FreeBSD.org> | 2007-06-27 09:32:50 +0000 |
---|---|---|
committer | kevlo <kevlo@FreeBSD.org> | 2007-06-27 09:32:50 +0000 |
commit | f1e459f03dcc13e62733c3de982b4c1f93b9c395 (patch) | |
tree | ef7b17c18f3ede4acf6e220ec32870a8531dee6b /share | |
parent | 022751eedf81b03ee7cbda32ae6371235d5f9da5 (diff) | |
download | FreeBSD-src-f1e459f03dcc13e62733c3de982b4c1f93b9c395.zip FreeBSD-src-f1e459f03dcc13e62733c3de982b4c1f93b9c395.tar.gz |
Remove a section on the area of the debugging sysctls used to tune
enforcement.
Approved by: re (rwatson)
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man4/mac.4 | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/share/man/man4/mac.4 b/share/man/man4/mac.4 index 38b060d..a490f5a 100644 --- a/share/man/man4/mac.4 +++ b/share/man/man4/mac.4 @@ -109,10 +109,6 @@ or the special file .Pa /dev ) corresponding to the file system on which to enable multilabel support. .Ss Policy Enforcement -MAC can be configured to enforce only specific portions of -policies -(see -.Sx "Runtime Configuration" ) . Policy enforcement is divided into the following areas of the system: .Bl -ohang .It Sy "File System" @@ -187,40 +183,6 @@ The interface for retrieving, handling, and setting policy labels is documented in the .Xr mac 3 man page. -.Ss Runtime Configuration -The following -.Xr sysctl 8 -MIBs are available for fine-tuning the enforcement of MAC policies. -Unless specifically noted, all MIBs default to 1 -(that is, all areas are enforced by default): -.Bl -tag -width ".Va security.mac.enforce_network" -.It Va security.mac.enforce_fs -Enforce MAC policies for file system accesses. -.It Va security.mac.enforce_kld -Enforce MAC policies on -.Xr kld 4 . -.It Va security.mac.enforce_network -Enforce MAC policies on network interfaces. -.It Va security.mac.enforce_pipe -Enforce MAC policies on pipes. -.It Va security.mac.enforce_process -Enforce MAC policies between system processes -(e.g.\& -.Xr ps 1 , -.Xr ktrace 2 ) . -.It Va security.mac.enforce_socket -Enforce MAC policies on sockets. -.It Va security.mac.enforce_system -Enforce MAC policies on system-related items -(e.g.\& -.Xr kenv 1 , -.Xr acct 2 , -.Xr reboot 2 ) . -.It Va security.mac.enforce_vm -Enforce MAC policies on -.Xr mmap 2 -and -.Xr mprotect 2 . .\" *** XXX *** .\" Support for this feature is poor and should not be encouraged. .\" |