diff options
| author | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:59:05 -0400 |
|---|---|---|
| committer | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:59:05 -0400 |
| commit | 1f19f33e45791ea59aed048796fc68672c6723a5 (patch) | |
| tree | 54625fba89e91d1c2177801ec635e8528bba937f /static/freebsd/man4/mac_seeotheruids.4 3.html | |
| parent | ac5e55f5f2af5b92794c2aded46c6bae85b5f5ed (diff) | |
docs: Removed Precompiled HTML
Diffstat (limited to 'static/freebsd/man4/mac_seeotheruids.4 3.html')
| -rw-r--r-- | static/freebsd/man4/mac_seeotheruids.4 3.html | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/static/freebsd/man4/mac_seeotheruids.4 3.html b/static/freebsd/man4/mac_seeotheruids.4 3.html deleted file mode 100644 index 746ec17e..00000000 --- a/static/freebsd/man4/mac_seeotheruids.4 3.html +++ /dev/null @@ -1,93 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">MAC_SEEOTHERUIDS(4)</td> - <td class="head-vol">Device Drivers Manual</td> - <td class="head-rtitle">MAC_SEEOTHERUIDS(4)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">mac_seeotheruids</code> — - <span class="Nd">simple policy controlling whether users see other - users</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp">To compile the policy into your kernel, place the following lines - in your kernel configuration file:</p> -<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code> -<br/> -<code class="Cd">options MAC_SEEOTHERUIDS</code></div> -<p class="Pp">Alternately, to load the module at boot time, place the following - line in your kernel configuration file:</p> -<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code></div> -<p class="Pp">and in <a class="Xr">loader.conf(5)</a>:</p> -<div class="Bd Pp Bd-indent Li"> -<pre>mac_seeotheruids_load="YES"</pre> -</div> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<p class="Pp">The <code class="Nm">mac_seeotheruids</code> policy module, when - enabled, denies users to see processes or sockets owned by other users.</p> -<p class="Pp">To enable <code class="Nm">mac_seeotheruids</code>, set the sysctl - OID <var class="Va">security.mac.seeotheruids.enabled</var> to 1. To permit - superuser awareness of other credentials by virtue of privilege, set the - sysctl OID <var class="Va">security.mac.seeotheruids.suser_privileged</var> - to 1.</p> -<p class="Pp">To allow users to see processes and sockets owned by the same - primary group, set the sysctl OID - <var class="Va">security.mac.seeotheruids.primarygroup_enabled</var> to - 1.</p> -<p class="Pp">To allow processes with a specific group ID to be exempt from the - policy, set the sysctl OID - <var class="Va">security.mac.seeotheruids.specificgid_enabled</var> to 1, - and <var class="Va">security.mac.seeotheruids.specificgid</var> to the list - of group IDs to be exempted.</p> -<section class="Ss"> -<h2 class="Ss" id="Label_Format"><a class="permalink" href="#Label_Format">Label - Format</a></h2> -<p class="Pp">No labels are defined for - <code class="Nm">mac_seeotheruids</code>.</p> -</section> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">mac(4)</a>, <a class="Xr">mac_biba(4)</a>, - <a class="Xr">mac_bsdextended(4)</a>, <a class="Xr">mac_ddb(4)</a>, - <a class="Xr">mac_ifoff(4)</a>, <a class="Xr">mac_lomac(4)</a>, - <a class="Xr">mac_mls(4)</a>, <a class="Xr">mac_none(4)</a>, - <a class="Xr">mac_partition(4)</a>, <a class="Xr">mac_portacl(4)</a>, - <a class="Xr">mac_test(4)</a>, <a class="Xr">mac(9)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> -<p class="Pp">The <code class="Nm">mac_seeotheruids</code> policy module first - appeared in <span class="Ux">FreeBSD 5.0</span> and was developed by the - TrustedBSD Project.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This software was contributed to the - <span class="Ux">FreeBSD</span> Project by Network Associates Labs, the - Security Research Division of Network Associates Inc. under DARPA/SPAWAR - contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA - CHATS research program.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> -<p class="Pp">While the MAC Framework design is intended to support the - containment of the root user, not all attack channels are currently - protected by entry point checks. As such, MAC Framework policies should not - be relied on, in isolation, to protect against a malicious privileged - user.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">Februrary 26, 2026</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> |