NetBSD 6.1.5 - man page for secmodel_extensions (netbsd section 9)

SECMODEL_EXTENSIONS(9)		  BSD Kernel Developer's Manual 	   SECMODEL_EXTENSIONS(9)

NAME
     secmodel_extensions -- Extensions security model

DESCRIPTION
     secmodel_extensions implements extensions to the traditional security model based on the
     original 4.4BSD.  They can be used to grant additional privileges to ordinary users, or
     enable specific security measures like curtain mode.

     The extensions are described below.

Curtain mode
     When enabled, all returned objects will be filtered according to the user-id requesting
     information about them, preventing users from accessing objects they do not own.

     It affects the output of many commands, including fstat(1), netstat(1), ps(1), sockstat(1),
     and w(1).

     This extension is enabled by setting security.models.extensions.curtain or security.curtain
     sysctl(7) to a non-zero value.

     It can be enabled at any time, but can no longer be disabled when the securelevel of the
     system is above 0.

Non-superuser mounts
     When enabled, it allows file-systems to be mounted by an ordinary user who owns the mount
     point node and has at least read access to the special device given in the mount(8)
     arguments.  Note that the nosuid and nodev flags must be given for non-superuser mounts.

     This extension is enabled by setting security.models.extensions.usermount or
     vfs.generic.usermount sysctl(7) to a non-zero value.

     It can be disabled at any time, but can no longer be enabled when the securelevel of the
     system is above 0.

Non-superuser control of CPU sets
     When enabled, an ordinary user is allowed to control the CPU affinity(3) of the processes
     and threads they own.

     This extension is enabled by setting security.models.extensions.user_set_cpu_affinity
     sysctl(7) to a non-zero value.

     It can be disabled at any time, but can no longer be enabled when the securelevel of the
     system is above 0.
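
     The securelevel rules above are one-way: only the restrictive value of each knob is
     frozen above securelevel 0. The following audit script is an added example, not part of
     the original manual page; it assumes a snapshot in sysctl(8) "name = value" form and
     reads the securelevel from kern.securelevel, which this page does not name.

```shell
#!/bin/sh
# Added example (not from the man page): classify each secmodel_extensions
# knob from a sysctl snapshot read on stdin, in "name = value" form.

# Constructed sample snapshot; kern.securelevel is NetBSD's securelevel sysctl.
sample_sysctl() {
    cat <<'EOF'
kern.securelevel = 1
security.models.extensions.curtain = 1
security.models.extensions.usermount = 1
security.models.extensions.user_set_cpu_affinity = 0
EOF
}

# get_knob SNAPSHOT NAME: print the value of NAME, or nothing if absent.
get_knob() {
    printf '%s\n' "$1" | awk -F' = ' -v k="$2" '$1 == k { print $2; exit }'
}

# Prints "<knob> <restrictive|permissive|missing> <locked|unlocked|->".
audit_extensions() {
    snapshot=$(cat)
    level=$(get_knob "$snapshot" kern.securelevel)
    level=${level:-0}   # assumption: treat an absent securelevel as 0
    for knob in curtain usermount user_set_cpu_affinity; do
        val=$(get_knob "$snapshot" "security.models.extensions.$knob")
        if [ -z "$val" ]; then
            echo "$knob missing -"
            continue
        fi
        # Curtain restricts when non-zero; the two grants restrict when zero.
        if [ "$knob" = curtain ]; then
            if [ "$val" -ne 0 ]; then state=restrictive; else state=permissive; fi
        else
            if [ "$val" -eq 0 ]; then state=restrictive; else state=permissive; fi
        fi
        # Above securelevel 0 only the restrictive value is frozen; a
        # permissive value can still be tightened at any time.
        if [ "$state" = restrictive ] && [ "$level" -gt 0 ]; then
            lock=locked
        else
            lock=unlocked
        fi
        echo "$knob $state $lock"
    done
}

sample_sysctl | audit_extensions
```

     On a live system the same function can be fed the output of sysctl(8) for the four names;
     a knob reported as permissive and unlocked is one that should be tightened.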

SEE ALSO
     affinity(3), sched(3), sysctl(7), kauth(9), secmodel(9), secmodel_bsd44(9),
     secmodel_securelevel(9), secmodel_suser(9)

AUTHORS
     Elad Efrat <elad@NetBSD.org>

BSD					 December 3, 2011				      BSD

