/share/man/man4/mac_none.4

https://bitbucket.org/freebsd/freebsd-head/ · Forth · 113 lines · 113 code · 0 blank · 0 comment · 2 complexity · 461697309342563d97be6e5cf1415e2a MD5 · raw file 

    

  1. .\" Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
    2. 

  2. .\" All rights reserved.
    3. 

  3. .\"
    4. 

  4. .\" This software was developed for the FreeBSD Project by Chris Costello
    5. 

  5. .\" at Safeport Network Services and Network Associates Laboratories, the
    6. 

  6. .\" Security Research Division of Network Associates, Inc. under
    7. 

  7. .\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
    8. 

  8. .\" DARPA CHATS research program.
    9. 

  9. .\"
    10. 

  10. .\" Redistribution and use in source and binary forms, with or without
    11. 

  11. .\" modification, are permitted provided that the following conditions
    12. 

  12. .\" are met:
    13. 

  13. .\" 1. Redistributions of source code must retain the above copyright
    14. 

  14. .\"    notice, this list of conditions and the following disclaimer.
    15. 

  15. .\" 2. Redistributions in binary form must reproduce the above copyright
    16. 

  16. .\"    notice, this list of conditions and the following disclaimer in the
    17. 

  17. .\"    documentation and/or other materials provided with the distribution.
    18. 

  18. .\"
    19. 

  19. .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
    20. 

  20. .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    21. 

  21. .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    22. 

  22. .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
    23. 

  23. .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    24. 

  24. .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    25. 

  25. .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    26. 

  26. .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    27. 

  27. .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
    28. 

  28. .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    29. 

  29. .\" SUCH DAMAGE.
    30. 

  30. .\"
    31. 

  31. .\" $FreeBSD$
    32. 

  32. .\"
    33. 

  33. .Dd December 1, 2002
    34. 

  34. .Dt MAC_NONE 4
    35. 

  35. .Os
    36. 

  36. .Sh NAME
    37. 

  37. .Nm mac_none
    38. 

  38. .Nd "null MAC policy module"
    39. 

  39. .Sh SYNOPSIS
    40. 

  40. To compile the null policy
    41. 

  41. into your kernel, place the following lines in your kernel
    42. 

  42. configuration file:
    43. 

  43. .Bd -ragged -offset indent
    44. 

  44. .Cd "options MAC"
    45. 

  45. .Cd "options MAC_NONE"
    46. 

  46. .Ed
    47. 

  47. .Pp
    48. 

  48. Alternately, to load the none module at boot time, place the following line
    49. 

  49. in your kernel configuration file:
    50. 

  50. .Bd -ragged -offset indent
    51. 

  51. .Cd "options MAC"
    52. 

  52. .Ed
    53. 

  53. .Pp
    54. 

  54. and in
    55. 

  55. .Xr loader.conf 5 :
    56. 

  56. .Bd -literal -offset indent
    57. 

  57. mac_none_load="YES"
    58. 

  58. .Ed
    59. 

  59. .Sh DESCRIPTION
    60. 

  60. The
    61. 

  61. .Nm
    62. 

  62. policy module implements a none MAC policy that has no effect on
    63. 

  63. access control in the system.
    64. 

  64. Unlike
    65. 

  65. .Xr mac_stub 4 ,
    66. 

  66. none of the MAC entry points are defined.
    67. 

  67. .Ss Label Format
    68. 

  68. No labels are defined for
    69. 

  69. .Nm .
    70. 

  70. .Sh SEE ALSO
    71. 

  71. .Xr mac 4 ,
    72. 

  72. .Xr mac_biba 4 ,
    73. 

  73. .Xr mac_bsdextended 4 ,
    74. 

  74. .Xr mac_ifoff 4 ,
    75. 

  75. .Xr mac_lomac 4 ,
    76. 

  76. .Xr mac_mls 4 ,
    77. 

  77. .Xr mac_partition 4 ,
    78. 

  78. .Xr mac_portacl 4 ,
    79. 

  79. .Xr mac_seeotheruids 4 ,
    80. 

  80. .Xr mac_stub 4 ,
    81. 

  81. .Xr mac_test 4 ,
    82. 

  82. .Xr mac 9
    83. 

  83. .Sh HISTORY
    84. 

  84. The
    85. 

  85. .Nm
    86. 

  86. policy module first appeared in
    87. 

  87. .Fx 5.0
    88. 

  88. and was developed by the
    89. 

  89. .Tn TrustedBSD
    90. 

  90. Project.
    91. 

  91. .Sh AUTHORS
    92. 

  92. This software was contributed to the
    93. 

  93. .Fx
    94. 

  94. Project by Network Associates Labs,
    95. 

  95. the Security Research Division of Network Associates
    96. 

  96. Inc.
    97. 

  97. under DARPA/SPAWAR contract N66001-01-C-8035
    98. 

  98. .Pq Dq CBOSS ,
    99. 

  99. as part of the DARPA CHATS research program.
    100. 

  100. .Sh BUGS
    101. 

  101. See
    102. 

  102. .Xr mac 9
    103. 

  103. concerning appropriateness for production use.
    104. 

  104. The
    105. 

  105. .Tn TrustedBSD
    106. 

  106. MAC Framework is considered experimental in
    107. 

  107. .Fx .
    108. 

  108. .Pp
    109. 

  109. While the MAC Framework design is intended to support the containment of
    110. 

  110. the root user, not all attack channels are currently protected by entry
    111. 

  111. point checks.
    112. 

  112. As such, MAC Framework policies should not be relied on, in isolation,
    113. 

  113. to protect against a malicious privileged user.
    114.