mac.4 - OpenGrok cross reference for /freebsd/share/man/man4/mac.4

Lines Matching +full:system +full:- +full:control
7 .\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
36 .Nd Mandatory Access Control
41 The Mandatory Access Control, or MAC, framework allows administrators to
42 finely control system security by providing for a loadable security policy
45 only restrict access relative to one another and the base system policy;
52 .Bl -column ".Xr mac_seeotheruids 4" "ddb(4) interface restrictions" ".Em Labeling" "boot only"
55 .It Xr mac_bsdextended 4 Ta "File system firewall" Ta no Ta any time
59 .It Xr mac_ipacl 4 Ta "IP Address access control" Ta no Ta any time
60 .It Xr mac_lomac 4 Ta "Low-Watermark MAC policy" Ta yes Ta boot only
62 .It Xr mac_ntpd 4 Ta "Non-root NTP Daemon policy" Ta no Ta any time
64 .It Xr mac_portacl 4 Ta "Port bind(2) access control" Ta no Ta any time
66 .It Xr mac_seeotheruids 4 Ta "See-other-UIDs policy" Ta no Ta any time
70 Each system subject (processes, sockets, etc.) and each system object
71 (file system objects, sockets, etc.) can carry with it a MAC label.
73 taken into consideration in making access control decisions
75 Most MAC labels on system subjects and objects
76 can be modified directly or indirectly by the system
84 By default, file system enforcement of labeled MAC policies relies on
85 a single file system label
88 in order to make access control decisions for all the files in a particular
89 file system.
93 for a particular file system,
96 flag must be enabled on the file system.
99 flag, drop to single-user mode and unmount the file system,
102 .Dl "tunefs -l enable" Ar filesystem
112 corresponding to the file system on which to enable multilabel support.
114 Policy enforcement is divided into the following areas of the system:
115 .Bl -ohang
116 .It Sy "File System"
117 File system mounts, modifying directories, modifying files, etc.
145 .It Sy System
148 system accounting
161 From the command line, each type of system object has its own means for setting
163 .Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent
165 .It "File system object" Ta Xr setfmac 8 , Xr setfsmac 8
182 returns from various system calls.
198 .\" access to files via copy-on-write semantics;
229 .%T "Mandatory Access Control"
246 under DARPA/SPAWAR contract N66001-01-C-8035