/share/man/man4/mac_stub.4

https://bitbucket.org/freebsd/freebsd-head/ · Forth · 116 lines · 116 code · 0 blank · 0 comment · 3 complexity · c7f20e92910bf7893d6148ef861889c6 MD5 · raw file

  1. .\" Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
  2. .\" All rights reserved.
  3. .\"
  4. .\" This software was developed for the FreeBSD Project by Chris Costello
  5. .\" at Safeport Network Services and Network Associates Laboratories, the
  6. .\" Security Research Division of Network Associates, Inc. under
  7. .\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
  8. .\" DARPA CHATS research program.
  9. .\"
  10. .\" Redistribution and use in source and binary forms, with or without
  11. .\" modification, are permitted provided that the following conditions
  12. .\" are met:
  13. .\" 1. Redistributions of source code must retain the above copyright
  14. .\" notice, this list of conditions and the following disclaimer.
  15. .\" 2. Redistributions in binary form must reproduce the above copyright
  16. .\" notice, this list of conditions and the following disclaimer in the
  17. .\" documentation and/or other materials provided with the distribution.
  18. .\"
  19. .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
  20. .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  21. .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  22. .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
  23. .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24. .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  25. .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  26. .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  27. .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  28. .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  29. .\" SUCH DAMAGE.
  30. .\"
  31. .\" $FreeBSD$
  32. .\"
  33. .Dd December 1, 2002
  34. .Dt MAC_STUB 4
  35. .Os
  36. .Sh NAME
  37. .Nm mac_stub
  38. .Nd "MAC policy stub module"
  39. .Sh SYNOPSIS
  40. To compile the stub policy
  41. into your kernel, place the following lines in your kernel
  42. configuration file:
  43. .Bd -ragged -offset indent
  44. .Cd "options MAC"
  45. .Cd "options MAC_STUB"
  46. .Ed
  47. .Pp
  48. Alternately, to load the stub module at boot time, place the following line
  49. in your kernel configuration file:
  50. .Bd -ragged -offset indent
  51. .Cd "options MAC"
  52. .Ed
  53. .Pp
  54. and in
  55. .Xr loader.conf 5 :
  56. .Bd -literal -offset indent
  57. mac_stub_load="YES"
  58. .Ed
  59. .Sh DESCRIPTION
  60. The
  61. .Nm
  62. policy module implements a stub MAC policy that has no effect on
  63. access control in the system.
  64. Unlike
  65. .Xr mac_none 4 ,
  66. each MAC entry point is defined as a
  67. .Dq no-op ,
  68. so the policy module will be entered for each event, but no change
  69. in system behavior should result.
  70. .Ss Label Format
  71. No labels are defined for
  72. .Nm .
  73. .Sh SEE ALSO
  74. .Xr mac 4 ,
  75. .Xr mac_biba 4 ,
  76. .Xr mac_bsdextended 4 ,
  77. .Xr mac_ifoff 4 ,
  78. .Xr mac_lomac 4 ,
  79. .Xr mac_mls 4 ,
  80. .Xr mac_none 4 ,
  81. .Xr mac_partition 4 ,
  82. .Xr mac_portacl 4 ,
  83. .Xr mac_seeotheruids 4 ,
  84. .Xr mac_test 4 ,
  85. .Xr mac 9
  86. .Sh HISTORY
  87. The
  88. .Nm
  89. policy module first appeared in
  90. .Fx 5.1
  91. and was developed by the
  92. .Tn TrustedBSD
  93. Project.
  94. .Sh AUTHORS
  95. This software was contributed to the
  96. .Fx
  97. Project by Network Associates Labs,
  98. the Security Research Division of Network Associates
  99. Inc.
  100. under DARPA/SPAWAR contract N66001-01-C-8035
  101. .Pq Dq CBOSS ,
  102. as part of the DARPA CHATS research program.
  103. .Sh BUGS
  104. See
  105. .Xr mac 9
  106. concerning appropriateness for production use.
  107. The
  108. .Tn TrustedBSD
  109. MAC Framework is considered experimental in
  110. .Fx .
  111. .Pp
  112. While the MAC Framework design is intended to support the containment of
  113. the root user, not all attack channels are currently protected by entry
  114. point checks.
  115. As such, MAC Framework policies should not be relied on, in isolation,
  116. to protect against a malicious privileged user.