/share/man/man4/mac_stub.4
https://bitbucket.org/freebsd/freebsd-head/ · Forth · 116 lines · 116 code · 0 blank · 0 comment · 3 complexity · c7f20e92910bf7893d6148ef861889c6 MD5 · raw file
- .\" Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
- .\" All rights reserved.
- .\"
- .\" This software was developed for the FreeBSD Project by Chris Costello
- .\" at Safeport Network Services and Network Associates Laboratories, the
- .\" Security Research Division of Network Associates, Inc. under
- .\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- .\" DARPA CHATS research program.
- .\"
- .\" Redistribution and use in source and binary forms, with or without
- .\" modification, are permitted provided that the following conditions
- .\" are met:
- .\" 1. Redistributions of source code must retain the above copyright
- .\" notice, this list of conditions and the following disclaimer.
- .\" 2. Redistributions in binary form must reproduce the above copyright
- .\" notice, this list of conditions and the following disclaimer in the
- .\" documentation and/or other materials provided with the distribution.
- .\"
- .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- .\" SUCH DAMAGE.
- .\"
- .\" $FreeBSD$
- .\"
- .Dd December 1, 2002
- .Dt MAC_STUB 4
- .Os
- .Sh NAME
- .Nm mac_stub
- .Nd "MAC policy stub module"
- .Sh SYNOPSIS
- To compile the stub policy
- into your kernel, place the following lines in your kernel
- configuration file:
- .Bd -ragged -offset indent
- .Cd "options MAC"
- .Cd "options MAC_STUB"
- .Ed
- .Pp
- Alternately, to load the stub module at boot time, place the following line
- in your kernel configuration file:
- .Bd -ragged -offset indent
- .Cd "options MAC"
- .Ed
- .Pp
- and in
- .Xr loader.conf 5 :
- .Bd -literal -offset indent
- mac_stub_load="YES"
- .Ed
- .Sh DESCRIPTION
- The
- .Nm
- policy module implements a stub MAC policy that has no effect on
- access control in the system.
- Unlike
- .Xr mac_none 4 ,
- each MAC entry point is defined as a
- .Dq no-op ,
- so the policy module will be entered for each event, but no change
- in system behavior should result.
- .Ss Label Format
- No labels are defined for
- .Nm .
- .Sh SEE ALSO
- .Xr mac 4 ,
- .Xr mac_biba 4 ,
- .Xr mac_bsdextended 4 ,
- .Xr mac_ifoff 4 ,
- .Xr mac_lomac 4 ,
- .Xr mac_mls 4 ,
- .Xr mac_none 4 ,
- .Xr mac_partition 4 ,
- .Xr mac_portacl 4 ,
- .Xr mac_seeotheruids 4 ,
- .Xr mac_test 4 ,
- .Xr mac 9
- .Sh HISTORY
- The
- .Nm
- policy module first appeared in
- .Fx 5.1
- and was developed by the
- .Tn TrustedBSD
- Project.
- .Sh AUTHORS
- This software was contributed to the
- .Fx
- Project by Network Associates Labs,
- the Security Research Division of Network Associates
- Inc.
- under DARPA/SPAWAR contract N66001-01-C-8035
- .Pq Dq CBOSS ,
- as part of the DARPA CHATS research program.
- .Sh BUGS
- See
- .Xr mac 9
- concerning appropriateness for production use.
- The
- .Tn TrustedBSD
- MAC Framework is considered experimental in
- .Fx .
- .Pp
- While the MAC Framework design is intended to support the containment of
- the root user, not all attack channels are currently protected by entry
- point checks.
- As such, MAC Framework policies should not be relied on, in isolation,
- to protect against a malicious privileged user.