author | Tom Rhodes <trhodes@FreeBSD.org> | 2004-08-21 20:26:03 +0000 |
---|---|---|
committer | Tom Rhodes <trhodes@FreeBSD.org> | 2004-08-21 20:26:03 +0000 |
commit | 45fd0f24bbc99ac38e1bcc2583976993e940ca12 (patch) | |
tree | 76f4b6490e36077596ce57ee0d181ec249decf73 /share/man/man4/mac_bsdextended.4 | |
parent | 66189a39ec8b5fa371b643f511468b3863b3abde (diff) |
Document recently added features and bump the doc date.
Notes:
svn path=/head/; revision=134134
Diffstat (limited to 'share/man/man4/mac_bsdextended.4')
-rw-r--r-- | share/man/man4/mac_bsdextended.4 | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/share/man/man4/mac_bsdextended.4 b/share/man/man4/mac_bsdextended.4 index 8b087a29e4da..aa4d35bec2c8 100644 --- a/share/man/man4/mac_bsdextended.4 +++ b/share/man/man4/mac_bsdextended.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 16, 2002 +.Dd August 21, 2004 .Os .Dt MAC_BSDEXTENDED 4 .Sh NAME @@ -79,8 +79,44 @@ list of rules until a rule which denies the particular access is found, or the end of the list is reached. +The +.Nm +policy works similar to +.Xr ipfw 8 +or by using a +.Em first match semantic . +This means that not all rules are applied, +only the first matched rule; thus if +Rule A allows access and Rule B blocks +access, Rule B will never be applied. +.Pp +.Ss Sysctls +The following sysctls may be used to tweak the behavior of +.Nm : +.Bl -tag -width indent +.It Va security.mac.bsdextended.enabled +Set to zero or one to toggle the policy on or off. +.It Va security.mac.bsdextended.rule_count +List the number of defined rules, the maximum rule count is +current set at 256. +.It Va security.mac.bsdextended.rule_slots +List the number of rule slots currently being used. +.It Va security.mac.bsdextended.debugging +Toggle between debugging mode, currently this does +nothing and will soon be removed. +.It Va security.mac.bsdextended.firstmatch_enabled +Toggle between the old all rules match functionality +and the new first rule matches functionality. +.It Va security.mac.bsdextended.logging +Log all access violations via the +.Dv AUTHPRIV +.Xr syslog 3 +facility. +.It Va security.mac.bsdextended.rules +Currently does nothing interesting. .Sh SEE ALSO .Xr libugidfw 3 , +.Xr syslog 3 , .Xr mac 4 , .Xr mac_biba 4 , .Xr mac_ifoff 4 , @@ -91,6 +127,7 @@ or the end of the list is reached. .Xr mac_portacl 4 , .Xr mac_seeotheruids 4 , .Xr mac_test 4 , +.Xr ipfw 8 , .Xr ugidfw 8 , .Xr mac 9 .Sh HISTORY 
@@ -101,6 +138,9 @@ policy module first appeared in and was developed by the .Tn TrustedBSD Project. +.Pp +The "match first case" and logging capabilities were later added by +.An Tom Rhodes Aq trhodes@FreeBSD.org . .Sh AUTHORS This software was contributed to the .Fx |
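Review bot: in the hunk at @@ -79,8 +79,44 @@, the `.Bl -tag -width indent` list opened under `.Ss Sysctls` is never closed. The last item, `.It Va security.mac.bsdextended.rules`, runs straight into `.Sh SEE ALSO` with no `.El`, so add `.El` after "Currently does nothing interesting." In the same hunk, the `rule_count` entry reads "current set at 256" where "currently" is meant, and the `.Pp` immediately before `.Ss Sysctls` is redundant. The new first-match paragraph also follows context text that still describes walking the rules until a deny is found or the end of the list is reached; since `security.mac.bsdextended.firstmatch_enabled` toggles between the two behaviours, the page should say which one each value selects so an administrator ordering allow and deny rules knows how they will be evaluated.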
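Review bot: in the HISTORY hunk at @@ -101,6 +138,9 @@, the feature is called "match first case", while the description added earlier in this patch calls it a "first match semantic" and the sysctl is named `firstmatch_enabled`. Use one term throughout so a reader can connect the history entry to the sysctl that controls it.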