mac.9 - OpenGrok cross reference for /freebsd/share/man/man9/mac.9

Lines Matching +full:system +full:- +full:on +full:- +full:module
1 .\"-
2 .\" Copyright (c) 1999-2002 Robert N. M. Watson
3 .\" Copyright (c) 2002-2004 Networks Associates Technology, Inc.
10 .\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
29 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
52 introduced system security modules to modify system security functionality.
64 The MAC framework manages labels on a variety of types of in-kernel
68 Label data on kernel objects, represented by
70 is policy-unaware, and may be used in the manner seen fit by policy modules.
75 MAC-relevant operations, accept one or more subjects (credentials)
76 authorizing the activity, a set of objects on which the operation
93 .Ss API for Module Writers
94 Each module exports a structure describing the MAC API operations that
95 the module chooses to implement, including initialization and destruction
99 Module authors may choose to only implement a subset of the entry points,
102 permitting the framework to avoid calling into the module.
103 .Ss Locking for Module Writers
104 Module writers must be aware of the locking semantics of entry points
111 MAC module writers must also be aware that MAC API entry points will
116 specifically maintained and ordered by the policy module, or the
117 policy module might violate a global ordering requirement relating
120 Finally, MAC API module implementors must be careful to avoid
122 makes use of locking to prevent inconsistencies during policy module
130 protect system subjects and objects, it is important that kernel
139 kernel service, extending the front-end implementation of the MAC API
144 System service and module authors should reference the
146 for information on the MAC Framework APIs.
159 .%U "https://docs.freebsd.org/en/books/arch-handbook/"
173 N66001-01-C-8035
177 .An -nosplit
200 Sub-contracted staff include:
202 .An Poul-Henning Kamp ,
205 .An Dag-Erling Sm\(/orgrav .
221 As such, MAC Framework policies should not be relied on, in isolation,