History log of /freebsd/share/man/man4/mac_lomac.4 (Results 1 – 25 of 33)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: release/14.0.0
# fa9896e0 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: two-line nroff pattern

Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
Revision tags: release/13.2.0, release/12.4.0
# 287d467c 18-Jul-2022 Mitchell Horne <mhorne@FreeBSD.org>

mac: add new mac_ddb(4) policy

Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the sy

mac: add new mac_ddb(4) policy

Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.

However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.

This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).

Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.

Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.

The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).

Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371

show more ...


Revision tags: release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0
# 23090366 04-Nov-2012 Simon J. Gerraty <sjg@FreeBSD.org>

Sync from head
# de720122 15-Jul-2012 Gleb Smirnoff <glebius@FreeBSD.org>

Merge head r236710 through r238467.
# 6cf87ec8 13-Jul-2012 Xin LI <delphij@FreeBSD.org>

IFC @238412.
# b652778e 11-Jul-2012 Peter Grehan <grehan@FreeBSD.org>

IFC @ r238370
# 9de4ce04 10-Jun-2012 Tom Rhodes <trhodes@FreeBSD.org>

"on the their types." -> "on their types."
# 6a068746 15-May-2012 Alexander Motin <mav@FreeBSD.org>

MFC
# 38f1b189 26-Apr-2012 Peter Grehan <grehan@FreeBSD.org>

IFC @ r234692

sys/amd64/include/cpufunc.h
sys/amd64/include/fpu.h
sys/amd64/amd64/fpu.c
sys/amd64/vmm/vmm.c

- Add API to allow vmm FPU state init/save/restore.

FP stuff discussed with: kib
Revision tags: release/8.3.0_cvs, release/8.3.0
# 867099fa 08-Mar-2012 Gleb Smirnoff <glebius@FreeBSD.org>

Merge head up to r232685 to projects/pf/head.
# 3102cfe2 25-Feb-2012 Glen Barber <gjb@FreeBSD.org>

Fix various typos in manual pages.

Submitted by: amdmi3
PR: 165431
MFC after: 1 week
Revision tags: release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0
# 0d9deed5 08-Oct-2010 Ulrich Spörlein <uqs@FreeBSD.org>

mdoc: drop redundant .Pp and .LP calls

They have no effect when coming in pairs, or before .Bl/.Bd
# c2025a76 16-Aug-2010 Joel Dahl <joel@FreeBSD.org>

Fix typos, spelling, formatting and mdoc mistakes found by Nobuyuki while
translating these manual pages. Minor corrections by me.

Submitted by: Nobuyuki Koganemaru <n-kogane@syd.odn.ne.jp>
Revision tags: release/8.1.0_cvs, release/8.1.0
# a4bf5fb9 28-Apr-2010 Kirk McKusick <mckusick@FreeBSD.org>

Update to current version of head.
# aa12cea2 14-Apr-2010 Ulrich Spörlein <uqs@FreeBSD.org>

mdoc: order prologue macros consistently by Dd/Dt/Os

Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by: ru
Appro

mdoc: order prologue macros consistently by Dd/Dt/Os

Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by: ru
Approved by: philip, ed (mentors)

show more ...


Revision tags: release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0, release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0
# 5203edcd 03-Jul-2004 Ruslan Ermilov <ru@FreeBSD.org>

Mechanically kill hard sentence breaks and double whitespaces.
Revision tags: release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0
# c2d6966a 08-Jun-2003 Philippe Charnier <charnier@FreeBSD.org>

Add or correct section number in .Xr
Revision tags: release/5.1.0_cvs, release/5.1.0
# 3cc3bf52 01-Jun-2003 Ruslan Ermilov <ru@FreeBSD.org>

Assorted mdoc(7) fixes.
# 149c7230 21-May-2003 Ruslan Ermilov <ru@FreeBSD.org>

Kill whitespace at EOL.

Approved by: re (blanket)
Revision tags: release/4.8.0_cvs, release/4.8.0
# 0c6e926f 31-Mar-2003 Chris Costello <chris@FreeBSD.org>

Document the new mac_portacl(4) policy.

Sponsored by: DARPA, Network Associates Laboratories
Obtained from: TrustedBSD Project
# daa1772e 20-Jan-2003 Chris Costello <chris@FreeBSD.org>

Properly mark up column lists. This does not affect output; I just had
the arguments to .Bl incorrect.

Sponsored by: DARPA, Network Associates Laboratories
Revision tags: release/5.0.0_cvs, release/5.0.0
# ccf09d7c 15-Jan-2003 Chris Costello <chris@FreeBSD.org>

Update cross-references to include mac(4).

Sponsored by: DARPA, Network Associates Laboratories
# 5792da74 08-Jan-2003 Chris Costello <chris@FreeBSD.org>

o Refer to "Network Associates Laboratories" instead of "NAI Labs" or
"Network Associates Labs" in the copyright notice.
o Remove clause #3 in the license terms.
o Remove the line break from my nam

o Refer to "Network Associates Laboratories" instead of "NAI Labs" or
"Network Associates Labs" in the copyright notice.
o Remove clause #3 in the license terms.
o Remove the line break from my name.

Sponsored by: DARPA, Network Associates Laboratories

show more ...


# 8a51e9cb 08-Jan-2003 Chris Costello <chris@FreeBSD.org>

Document the LOMAC security policy.
This man page was co-written by Brian Feldman <green>.

Sponsored by: DARPA, Network Associates Laboratories
Revision tags: release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0, release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0
# 5203edcd 03-Jul-2004 Ruslan Ermilov <ru@FreeBSD.org>

Mechanically kill hard sentence breaks and double whitespaces.

12