path: root/share/man/man4/mac_mls.4
Diffstat (limited to 'share/man/man4/mac_mls.4')
-rw-r--r--  share/man/man4/mac_mls.4  76
1 files changed, 44 insertions, 32 deletions
diff --git a/share/man/man4/mac_mls.4 b/share/man/man4/mac_mls.4
index f252439..a3f3243 100644
--- a/share/man/man4/mac_mls.4
+++ b/share/man/man4/mac_mls.4
@@ -29,25 +29,32 @@
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
-.Dd DECEMBER 1, 2002
+.\"
+.Dd December 1, 2002
.Os
.Dt MAC_MLS 4
.Sh NAME
.Nm mac_mls
-.Nd Multi-Level Security confidentiality policy
+.Nd "Multi-Level Security confidentiality policy"
.Sh SYNOPSIS
To compile MLS into your kernel, place the following lines in your kernel
configuration file:
+.Bd -ragged -offset indent
.Cd "options MAC"
.Cd "options MAC_MLS"
+.Ed
.Pp
Alternately, to load the MLS module at boot time, place the following line
in your kernel configuration file:
+.Bd -ragged -offset indent
.Cd "options MAC"
+.Ed
.Pp
and in
.Xr loader.conf 5 :
-.Cd mac_mls_load= Ns \&"YES"
+.Bd -literal -offset indent
+mac_mls_load="YES"
+.Ed
.Sh DESCRIPTION
The
.Nm
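Review bot: while the prologue is being cleaned up, the unchanged context still has the macro order `.Dd`, `.Os`, `.Dt MAC_MLS 4`; mdoc(7) expects `.Dd`, `.Dt`, `.Os`, so swapping the `.Os` and `.Dt` lines belongs in this same change. The move from `.Cd mac_mls_load= Ns \&"YES"` to a `.Bd -literal` block is the right call, since `.Cd` marks kernel configuration declarations and a loader.conf variable is not one.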
@@ -74,26 +81,26 @@ With normal labels, dominance is defined as a label having a higher
or equal active sensitivity level, and having at least
all of the same compartments as the label to which it is being compared.
With respect to label comparisons,
-.Dq lower
+.Dq Li lower
is defined as being dominated by the label to which it is being compared,
and
-.Dq higher
+.Dq Li higher
is defined as dominating the label to which it is being compared,
and
-.Dq equal
+.Dq Li equal
is defined as both labels being able to satisfy the dominance requirements
over one another.
.Pp
Three special label values exist:
-.Bl -column -offset indent "mls/equal" "dominated by all other labels"
+.Bl -column -offset indent ".Li mls/equal" "dominated by all other labels"
.It Sy Label Ta Sy Comparison
-.It Li mls/low Ta dominated by all other labels
-.It Li mls/equal Ta equal to all other labels
-.It Li mls/high Ta dominates all other labels
+.It Li mls/low Ta "dominated by all other labels"
+.It Li mls/equal Ta "equal to all other labels"
+.It Li mls/high Ta "dominates all other labels"
.El
.Pp
The
-.Dq mls/equal
+.Dq Li mls/equal
label may be applied to subjects and objects for which no enforcement of the
MLS security policy is desired.
.Pp
@@ -132,10 +139,11 @@ reflecting the classification of the object, or classification of the data
contained in the object.
In general, object labels are represented in the following form:
.Pp
-.Dl mls/grade:compartments
+.Sm off
+.D1 Li mls / Ar grade : compartments
+.Sm on
.Pp
For example:
-.Pp
.Bd -literal -offset indent
mls/10:2+3+6
mls/low
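Review bot: dropping the `.Pp` that preceded `.Bd -literal` is correct, since a paragraph macro directly before a display is redundant and mandoc warns about it. Keep the `.Sm off`/`.Sm on` pair balanced around the single `.D1` line; an unmatched `.Sm off` would suppress spacing in the following `For example:` text as well.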
@@ -149,8 +157,10 @@ greater or equal integrity to the low end of the range, and lesser or equal
integrity to the high end of the range.
In general, subject labels are represented in the following form:
.Pp
-.Dl mls/singlegrade:singlecompartments(lograde:locompartments-
-.Dl higrade:hicompartments)
+.Sm off
+.D1 Li mls / Ar singlegrade : singlecompartments ( lograde : locompartments No -
+.D1 Ar higrade : hicompartments )
+.Sm on
.Pp
For example:
.Bd -literal -offset indent
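Review bot: the unchanged context at the head of this hunk describes the subject range in terms of "integrity" ("greater or equal integrity to the low end of the range"), which is Biba wording; mac_mls is the confidentiality policy and the rest of the page speaks of sensitivity level and compartments, so this sentence should say sensitivity, and fixing it while the form line is being reworked avoids a second pass. The `No -` at the end of the first `.D1` keeps the hyphen in roman, and the split across two `.D1` lines mirrors the original, so the rendered form still breaks after the `-`.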
@@ -161,7 +171,7 @@ mls/high(low-high)
Valid ranged labels must meet the following requirement regarding their
elements:
.Pp
-.Dl rangehigh >= single >= rangelow
+.D1 Ar rangehigh No \[>=] Ar single No \[>=] Ar rangelow
.Pp
One class of objects with ranges currently exists, the network interface.
In the case of the network interface, the single label element references
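Review bot: `\[>=]` renders as a proper greater-or-equal glyph, but on this page the relation is label dominance (sensitivity level plus compartment set, as defined earlier in the DESCRIPTION), not an integer comparison; a short clause after the `.D1`, such as "where >= denotes dominance", would stop readers from taking it as a plain numeric ordering of grades.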
@@ -172,30 +182,27 @@ the interface.
The following
.Xr sysctl 8
MIBs are available for fine-tuning the enforcement of this MAC policy.
-.Bl -tag -width security.mac.mls.enabled
+.Bl -tag -width ".Va security.mac.mls.ptys_equal"
.It Va security.mac.mls.enabled
-Enables the enforcement of the MLS confidentiality policy
-(Default: 1)
+Enables the enforcement of the MLS confidentiality policy.
+(Default: 1).
.It Va security.mac.mls.ptys_equal
Label
-.Sm off
-.Xr pty 4
-s
-.Sm on
+.Xr pty 4 Ns s
as
-.Dq mls/equal
-upon creation
-(Default: 0)
+.Dq Li mls/equal
+upon creation.
+(Default: 0).
.It Va security.mac.mls.revocation_enabled
Revoke access to objects if the label is changed to a more sensitive
-level than the subject
-(Default: 0)
+level than the subject.
+(Default: 0).
.El
.Sh IMPLEMENTATION NOTES
Currently, the
.Nm
policy relies on superuser status
-.Xr ( suser 9 )
+.Pq Xr suser 9
in order to change network interface MLS labels.
This will eventually go away, but it is currently a liability and may
allow the superuser to bypass MLS protections.
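Review bot: the `security.mac.mls.revocation_enabled` entry states what the knob does but not the consequence of its default of 0: with revocation disabled, a subject that already has an object open keeps that access after the object is relabeled to a more sensitive level. Stating that next to `(Default: 0).` makes the trade-off visible to administrators. The `-width ".Va security.mac.mls.ptys_equal"` now matches the longest tag, and `.Xr pty 4 Ns s` correctly yields pty(4)s.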
@@ -218,19 +225,24 @@ The
.Nm
policy module first appeared in
.Fx 5.0
-and was developed by the TrustedBSD Project.
+and was developed by the
+.Tn TrustedBSD
+Project.
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Laboratories,
the Security Research Division of Network Associates
-Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
-The TrustedBSD MAC Framework is considered experimental in
+The
+.Tn TrustedBSD
+MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of