aboutsummaryrefslogtreecommitdiff
path: root/share/man/man9/mac.9
Commit message (Collapse)AuthorAgeFilesLines
* Remove $FreeBSD$: two-line nroff patternWarner Losh2023-08-161-2/+0
| | | | Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
* mac(9): update SEE ALSOMitchell Horne2023-06-121-10/+1
| | | | | | | | | | | Rather than maintaining an incomplete list of MAC modules references, just reference mac(4), where such a list can be found. Reviewed by: Mina Galić <freebsd@igalic.co> Reviewed by: Pau Amma <pauamma@gundo.com> MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40485
* mac: add new mac_ddb(4) policyMitchell Horne2022-07-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Generally, access to the kernel debugger is considered to be unsafe from a security perspective since it presents an unrestricted interface to inspect or modify the system state, including sensitive data such as signing keys. However, having some access to debugger functionality on production systems may be useful in determining the cause of a panic or hang. Therefore, it is desirable to have an optional policy which allows limited use of ddb(4) while disabling the functionality which could reveal system secrets. This loadable MAC module allows for the use of some ddb(4) commands while preventing the execution of others. The commands have been broadly grouped into three categories: - Those which are 'safe' and will not emit sensitive data (e.g. trace). Generally, these commands are deterministic and don't accept arguments. - Those which are definitively unsafe (e.g. examine <addr>, search <addr> <value>) - Commands which may be safe to execute depending on the arguments provided (e.g. show thread <addr>). Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag. Commands requiring extra validation can provide a function to do so. For example, 'show thread <addr>' can be used as long as addr can be checked against the system's list of process structures. The policy also prevents debugger backends other than ddb(4) from executing, for example gdb(4). Reviewed by: markj, pauamma_gundo.com (manpages) Sponsored by: Juniper Networks, Inc. Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D35371
* Fix a slew of mdoc warnings/errors.Christian Brueffer2022-04-121-1/+1
|
* sys/*/conf/*, docs: fix links to handbookCeri Davies2021-05-201-2/+2
| | | | | | | | | | | | While here, fix all links to older en_US.ISO8859-1 documentation in the src/ tree. PR: 255026 Reported by: Michael Büker <freebsd@michael-bueker.de> Reviewed by: dbaio Approved by: blackend (mentor), re (gjb) MFC after: 10 days Differential Revision: https://reviews.freebsd.org/D30265
* Add Xrefs to the new VOP_SETLABEL(9) from mac(9) and vnode(9).Robert Watson2021-02-271-2/+3
| | | | MFC after: 3 days
* Update several more URLsEitan Adler2017-10-291-1/+1
| | | | | | | | - Primarily http -> https - Primarily FreeBSD project URLs Notes: svn path=/head/; revision=325096
* Update Capsicum and Mandatory Access Control manual pagesEdward Tomasz Napierala2015-07-251-16/+1
| | | | | | | | | | | | to no longer claim they are experimental. Reviewed by: rwatson@, wblock@ MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D2985 Notes: svn path=/head/; revision=285873
* Use the newly brought %U macro.Ruslan Ermilov2010-01-151-1/+1
| | | | Notes: svn path=/head/; revision=202386
* Gah. Replace another instance of "Developer's Handbook" withJoel Dahl2006-07-111-1/+1
| | | | | | | "Architecture Handbook". Notes: svn path=/head/; revision=160261
* The TrustedBSD MAC Framework is documented in the Architecture handbook,Joel Dahl2006-07-101-3/+3
| | | | | | | | | not in the Developers handbook. Submitted by: Samy Al Bahra Notes: svn path=/head/; revision=160247
* Use 'manual page' instead of 'man page' for consistency.Hiten Pandya2005-06-281-1/+1
| | | | | | | Approved by: re (hrs) Notes: svn path=/head/; revision=147647
* Remove Xref to nonexistant cap.3Christian Brueffer2005-02-051-1/+0
| | | | | | | | Ok'ed by: rwatson MFC after: 3 days Notes: svn path=/head/; revision=141359
* Xref mac_lomac.4 instead of lomac.4Christian Brueffer2005-02-051-1/+1
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=141355
* Sort sections.Ruslan Ermilov2005-01-211-5/+5
| | | | Notes: svn path=/head/; revision=140561
* Mechanically kill hard sentence breaks and double whitespaces.Ruslan Ermilov2004-07-031-1/+1
| | | | Notes: svn path=/head/; revision=131530
* Assorted markup, spelling, and grammar fixes.Ruslan Ermilov2004-06-161-1/+1
| | | | Notes: svn path=/head/; revision=130582
* Update copyright on mac.9 for 2004. Use "-" for copyright yearRobert Watson2004-02-261-3/+9
| | | | | | | | | | | | ranges. Add additional credits for contributions to the MAC Framework. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research Notes: svn path=/head/; revision=126256
* I don't normally use my middle name, so remove it from attributions inDag-Erling Smørgrav2004-01-251-1/+1
| | | | | | | | man pages (though not from copyright notices). While I'm here, add email addresses where appropriate. Notes: svn path=/head/; revision=124963
* Include a proper reference to the Developers' Handbook in theChris Costello2003-01-081-0/+4
| | | | | | | | | SEE ALSO section. Sponsored by: DARPA, Network Associates Laboratories Notes: svn path=/head/; revision=108936
* english(4) police.Jens Schweikhardt2002-12-271-1/+1
| | | | Notes: svn path=/head/; revision=108317
* Add and fix cross-references.Chris Costello2002-12-121-0/+8
| | | | | | | | Prompted by: rwatson, dcs Sponsored by: DARPA, Network Associates Labs Notes: svn path=/head/; revision=107795
* mdoc(7) police: markup overhaul.Ruslan Ermilov2002-12-121-19/+33
| | | | | | | Approved by: re Notes: svn path=/head/; revision=107780
* Spelling: "current" -> "currently"Chris Costello2002-12-021-1/+1
| | | | | | | | Approved by: re Sponsored by: DARPA, Network Associates Labs Notes: svn path=/head/; revision=107478
* License: update, remove clause three of BSD license per approval ofRobert Watson2002-11-041-4/+20
| | | | | | | | | | | | | NAI. Add cautionary notes on the experimental status of the MAC Framework in FreeBSD 5.0. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Notes: svn path=/head/; revision=106419
* Add mac(9), a man page providing a basic introduction to the conceptsRobert Watson2002-10-211-0/+199
associated with the TrustedBSD MAC Framework, as well as some credits to developers and contributors. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Notes: svn path=/head/; revision=105665
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-14 22:14:11 +0000