mac_bsdextended: Use SYSCTL VARIABLES section

All the other man pages, except iicbus(4), use .Sh SYSCTL VARIABLES for
documentig sysctls. iicbus(4) has a legitmate reason for varying,
though.

Spons

mac_bsdextended: Use SYSCTL VARIABLES section

All the other man pages, except iicbus(4), use .Sh SYSCTL VARIABLES for
documentig sysctls. iicbus(4) has a legitmate reason for varying,
though.

Sponsored by: Netflix

show more ...

Remove $FreeBSD$: two-line nroff pattern

Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/

mac: add new mac_ddb(4) policy

Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the sy

mac: add new mac_ddb(4) policy

Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.

However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.

This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).

Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.

Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.

The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).

Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371

show more ...

Fix mdoc macro usage and style in section 4 manpages.

IFC @r269962

Submitted by: Anish Gupta (akgupt3@gmail.com)

Merge head from 7/28

Sync to HEAD@r269943.

use .Mt to mark up email addresses consistently (final part)

PR: 191174
Submitted by: Franco Fichtner <franco at lastsummer.de>

Update to current version of head.

mdoc: order prologue macros consistently by Dd/Dt/Os

Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by: ru
Appro

mdoc: order prologue macros consistently by Dd/Dt/Os

Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by: ru
Approved by: philip, ed (mentors)

show more ...

Fix sentence structure to follow a better logic (zero is disable and
one is enable).

Avoid using the word "interface" twice in a sentence.

Close a .Bl list with an .El to fix a groff warning.

Remove the debugging tunable, it was not being used.
Enable first match by default.[1]

We should: rwatson [1]

Document recently added features and bump the doc date.

Mechanically kill hard sentence breaks and double whitespaces.

Assorted mdoc(7) fixes.

Kill whitespace at EOL.

Approved by: re (blanket)

Document the new mac_portacl(4) policy.

Sponsored by: DARPA, Network Associates Laboratories
Obtained from: TrustedBSD Project

Update cross-references to include mac(4).

Sponsored by: DARPA, Network Associates Laboratories

o Refer to "Network Associates Laboratories" instead of "NAI Labs" or
"Network Associates Labs" in the copyright notice.
o Remove clause #3 in the license terms.
o Remove the line break from my nam

o Refer to "Network Associates Laboratories" instead of "NAI Labs" or
"Network Associates Labs" in the copyright notice.
o Remove clause #3 in the license terms.
o Remove the line break from my name.

Sponsored by: DARPA, Network Associates Laboratories

show more ...

Cross-reference mac_lomac.4

Sponsored by: DARPA, Network Associates Laboratories

Refer to the now-existent `options MAC_BSDEXTENDED'.

MFC Candidate.

Prompted by: dcs
Sponsored by: DARPA, Network Associates Laboratories

Document the following MAC policies:
o ifoff: Interface silencing policy
o partition: Process partitioning policy

Add associated Makefile entries and man page cross-references.

Obtained from: Trust

Document the following MAC policies:
o ifoff: Interface silencing policy
o partition: Process partitioning policy

Add associated Makefile entries and man page cross-references.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Labs
Approved by: re (blanket)

show more ...

Document the following MAC policies:
o None: Stub policy
o Seeotheruids: The "see processes and sockets owned by other users" policy
o Test: Debugging policy

Standardize the SYNOPSIS and HISTORY sec

Document the following MAC policies:
o None: Stub policy
o Seeotheruids: The "see processes and sockets owned by other users" policy
o Test: Debugging policy

Standardize the SYNOPSIS and HISTORY sections.

Update SEE ALSO sections.

show more ...