From 94946f0dbff44b3ccfe89eea57c6163fed926851 Mon Sep 17 00:00:00 2001 From: trhodes Date: Thu, 6 Jan 2005 01:27:55 +0000 Subject: Early spring cleaning: Unhook lomac(4) manual page and remove it. The code was removed by rwatson over two years ago. --- share/man/man4/Makefile | 1 - share/man/man4/lomac.4 | 140 ------------------------------------------------ 2 files changed, 141 deletions(-) delete mode 100644 share/man/man4/lomac.4 (limited to 'share') diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 23751bf..96f57e7 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -120,7 +120,6 @@ MAN= aac.4 \ led.4 \ lge.4 \ lo.4 \ - lomac.4 \ lp.4 \ lpbb.4 \ lpt.4 \ diff --git a/share/man/man4/lomac.4 b/share/man/man4/lomac.4 deleted file mode 100644 index b0cfa76..0000000 --- a/share/man/man4/lomac.4 +++ /dev/null @@ -1,140 +0,0 @@ -.\" Copyright (c) 2001 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" This software was developed for the FreeBSD Project by NAI Labs, the -.\" Security Research Division of Network Associates, Inc. under -.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA -.\" CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd November 20, 2001 -.Dt LOMAC 4 -.Os -.Sh NAME -.Nm LOMAC -.Nd Low-Watermark Mandatory Access Control security facility -.Sh SYNOPSIS -.Li "kldload lomac" -.Sh DESCRIPTION -The -.Nm -module provides a drop-in security mechanism in addition to the traditional -.Tn POSIX -UID-based security facilities, requiring no additional configuration -from the administrator. -.Nm -aims to be two things: it is non-intrusive, so that the system with -.Nm -will not feel largely different from the system without it, and will not -require much modification to initialize; it is also comprehensive enough -that a majority of attacks to compromise a system should fail. -.Pp -To this end, each process on the system will have a label of several -attributes, including a -.Dq high -or -.Dq low -security level, attached to it, -and these labels of integrity will be managed with a system cognizant -of IPC (signals, debugging, sockets, pipes), path-based file system -labels, virtual memory objects, and privileged system calls. -A process (or set of vmspace-sharing processes) will initially inherit -the integrity level of its parent, which, at the point of -.Nm -being started with -.Xr kldload 8 , -will be high. -If it reads lower-integrity data from one of the controlled mechanisms, -it will then decrease its integrity level, and access to modify -higher-integrity data will be revoked. -.Sh IMPLEMENTATION NOTES -.Nm -on -.Fx , -as implemented currently, should properly respect all aspects of any -.Xr chroot 8 -or -.Xr jail 8 -operation performed after it has been initialized. -Pre-existing jail or chroot environments may not necessarily work -completely. -.Nm Ns 's -file system should correctly respect the caching behavior of any of the -system's file systems, and so work for any -.Dq normal -or -.Dq synthetic -file systems. -After loaded, another root -.Xr mount 8 -will exist on the system and appear as type -.Dq lomacfs . -.Sh FILES -See -.Pa /sys/security/lomac/policy_plm.h -for specific information on exactly how -.Nm -has been compiled to control access to the file system. -.Sh COMPATIBILITY -Some programs, for example -.Xr syslogd 8 , -may need to be restarted after -.Nm -is initialized for them to continue proper operation. -This version of -.Nm -has not had widespread testing, so some common programs have probably -not been tested and could have issues that need to be worked around or -fixed. -.Sh SEE ALSO -.Xr kldload 8 -.Sh HISTORY -.Nm -was initially implemented for Linux systems over the past several years. -Since then, this implementation was created via funding from the -United States DARPA. -See the copyright for details. -.Sh AUTHORS -.An Brian Fundakowski Feldman Aq bfeldman@tislabs.com -.An Timothy Fraser Aq tfraser@tislabs.com -.Sh BUGS -.Nm -has not gone through widespread testing yet, so many problems may still exist. -There is still yet one unfixed panic which is reproduceable under load -.Xr ( vrele 9 -being called too many times). -The operation of -.Xr mount 2 -and -.Xr unmount 2 -may not work properly or at all once -.Nm -has been loaded. -After being loaded, the system must be restarted to revert to a state -without -.Nm . -- cgit v1.1