| #
4c0435d9 |
| 30-Dec-2024 |
Juraj Lutter <otis@FreeBSD.org> |
mac(4): Mention mac_do(4)
Mention also mac_do(4) in the mac(4) manual page.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D48255
|
|
Revision tags: release/14.2.0, release/13.4.0, release/14.1.0, release/13.3.0, release/14.0.0 |
|
| #
fa9896e0 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line nroff pattern
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
| #
215bab79 |
| 25-Jul-2023 |
Shivank Garg <shivank@freebsd.org> |
mac_ipacl: new MAC policy module to limit jail/vnet IP configuration
The mac_ipacl policy module enables fine-grained control over IP address
configuration within VNET jails from the base system.
It
mac_ipacl: new MAC policy module to limit jail/vnet IP configuration
The mac_ipacl policy module enables fine-grained control over IP address
configuration within VNET jails from the base system.
It allows the root user to define rules governing IP addresses for
jails and their interfaces using the sysctl interface.
Requested by: multiple
Sponsored by: Google, Inc. (GSoC 2019)
MFC after: 2 months
Reviewed by: bz, dch (both earlier versions)
Differential Revision: https://reviews.freebsd.org/D20967
show more ...
|
| #
e2cb7201 |
| 12-Jun-2023 |
Mitchell Horne <mhorne@FreeBSD.org> |
mac(4): update the references to MAC modules
Add entries for mac_ntpd(4) and mac_priority(4) to the table of MAC
modules.
Drop the entry for mac_none(4) from the list, but retain the
cross-referenc
mac(4): update the references to MAC modules
Add entries for mac_ntpd(4) and mac_priority(4) to the table of MAC
modules.
Drop the entry for mac_none(4) from the list, but retain the
cross-reference in SEE ALSO. This module has no functional impact and is
of minimal interest to users. Add a new cross-reference to the similar
mac_stub(4), limited to SEE ALSO for the same reasoning.
Reviewed by: Pau Amma <pauamma@gundo.com>
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40483
show more ...
|
|
Revision tags: release/13.2.0, release/12.4.0 |
|
| #
287d467c |
| 18-Jul-2022 |
Mitchell Horne <mhorne@FreeBSD.org> |
mac: add new mac_ddb(4) policy
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the sy
mac: add new mac_ddb(4) policy
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.
However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.
This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).
Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.
Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.
The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).
Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371
show more ...
|
|
Revision tags: release/13.1.0, release/12.3.0 |
|
| #
c1a14887 |
| 20-May-2021 |
Ceri Davies <ceri@FreeBSD.org> |
sys/*/conf/*, docs: fix links to handbook
While here, fix all links to older en_US.ISO8859-1 documentation
in the src/ tree.
PR: 255026
Reported by: Michael Büker <freebsd@michael-bu
sys/*/conf/*, docs: fix links to handbook
While here, fix all links to older en_US.ISO8859-1 documentation
in the src/ tree.
PR: 255026
Reported by: Michael Büker <freebsd@michael-bueker.de>
Reviewed by: dbaio
Approved by: blackend (mentor), re (gjb)
MFC after: 10 days
Differential Revision: https://reviews.freebsd.org/D30265
show more ...
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0 |
|
| #
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
| #
3c5ab8c1 |
| 30-Oct-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r325119
|
| #
a2aef24a |
| 29-Oct-2017 |
Eitan Adler <eadler@FreeBSD.org> |
Update several more URLs
- Primarily http -> https
- Primarily FreeBSD project URLs
|
|
Revision tags: release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
f94594b3 |
| 12-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Finish merging from head, messed up in previous attempt
|
| #
ab875b71 |
| 14-Aug-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Catch up with head, primarily for the 1.14.4.0 firmware.
|
|
Revision tags: release/10.2.0 |
|
| #
5f78ec1c |
| 28-Jul-2015 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r285793 through r285923.
|
| #
208a8b95 |
| 25-Jul-2015 |
Edward Tomasz Napierala <trasz@FreeBSD.org> |
Update Capsicum and Mandatory Access Control manual pages
to no longer claim they are experimental.
Reviewed by: rwatson@, wblock@
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential
Update Capsicum and Mandatory Access Control manual pages
to no longer claim they are experimental.
Reviewed by: rwatson@, wblock@
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D2985
show more ...
|
|
Revision tags: release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0 |
|
| #
a4bf5fb9 |
| 28-Apr-2010 |
Kirk McKusick <mckusick@FreeBSD.org> |
Update to current version of head.
|
| #
aa12cea2 |
| 14-Apr-2010 |
Ulrich Spörlein <uqs@FreeBSD.org> |
mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Appro
mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
show more ...
|
|
Revision tags: release/7.3.0_cvs, release/7.3.0 |
|
| #
1a0fda2b |
| 04-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
IFH@204581
|
| #
aa4a335b |
| 15-Jan-2010 |
Ruslan Ermilov <ru@FreeBSD.org> |
Use the newly brought %U macro.
|
|
Revision tags: release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
| #
ca65fde5 |
| 30-Oct-2007 |
Giorgos Keramidas <keramida@FreeBSD.org> |
mdoc warning fix: Remove a spurious .El request.
MFC after: 3 days
|
| #
17ca0f3c |
| 27-Jun-2007 |
Kevin Lo <kevlo@FreeBSD.org> |
Remove a section on the area of the debugging sysctls used to tune
enforcement.
Approved by: re (rwatson)
|
|
Revision tags: release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0 |
|
| #
5203edcd |
| 03-Jul-2004 |
Ruslan Ermilov <ru@FreeBSD.org> |
Mechanically kill hard sentence breaks and double whitespaces.
|
|
Revision tags: release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0, release/5.1.0_cvs, release/5.1.0 |
|
| #
3cc3bf52 |
| 01-Jun-2003 |
Ruslan Ermilov <ru@FreeBSD.org> |
Assorted mdoc(7) fixes.
|
| #
149c7230 |
| 21-May-2003 |
Ruslan Ermilov <ru@FreeBSD.org> |
Kill whitespace at EOL.
Approved by: re (blanket)
|
|
Revision tags: release/4.8.0_cvs, release/4.8.0 |
|
| #
0c6e926f |
| 31-Mar-2003 |
Chris Costello <chris@FreeBSD.org> |
Document the new mac_portacl(4) policy.
Sponsored by: DARPA, Network Associates Laboratories
Obtained from: TrustedBSD Project
|
| #
9c73007c |
| 23-Feb-2003 |
Chris Costello <chris@FreeBSD.org> |
o Improve vocabulary/wording
o Expand on MAC policy enforcement on network interfaces
o Add cross-references to su(1) and setfsmac(8) where appropriate
o Comment out mmap revocation sysctls as they a
o Improve vocabulary/wording
o Expand on MAC policy enforcement on network interfaces
o Add cross-references to su(1) and setfsmac(8) where appropriate
o Comment out mmap revocation sysctls as they are a bit too experimental
o Add the standard BUGS section
Prompted by: rwatson
Sponsored by: DARPA, Network Associates Laboratories
show more ...
|
| #
d29d42d8 |
| 16-Feb-2003 |
Chris Costello <chris@FreeBSD.org> |
Include a section about enabling MAC on UFS2 file systems. UFS1 is
a bit more challenging and will be added later.
Sponsored by: DARPA, Network Associates Laboratories
|