SECMODEL_OVERLAY(9) BSD Kernel Developer's Manual SECMODEL_OVERLAY(9)NAME
secmodel_overlay -- sample overlay security model implementation
SYNOPSIS
#include <secmodel/overlay/overlay.h>
DESCRIPTION
secmodel_overlay is a sample implementation for an overlay security model. It can be thought of as a ``filter'' for the underlying model it
overlays, by default it is secmodel_bsd44(9), where developers or administrators can implement custom policies using least intrusive code
changes.
CODE REFERENCES
sys/secmodel/overlay/secmodel_overlay.c
SEE ALSO kauth(9), secmodel(9), secmodel_bsd44(9)AUTHORS
Elad Efrat <elad@NetBSD.org>
BSD September 15, 2006 BSD
Check Out this Related Man Page
SECMODEL_EXTENSIONS(9) BSD Kernel Developer's Manual SECMODEL_EXTENSIONS(9)NAME
secmodel_extensions -- Extensions security model
DESCRIPTION
secmodel_extensions implements extensions to the traditional security model based on the original 4.4BSD. They can be used to grant addi-
tional privileges to ordinary users, or enable specific security measures like curtain mode.
The extensions are described below.
Curtain mode
When enabled, all returned objects will be filtered according to the user-id requesting information about them, preventing users from access-
ing objects they do not own.
It affects the output of many commands, including fstat(1), netstat(1), ps(1), sockstat(1), and w(1).
This extension is enabled by setting security.models.extensions.curtain or security.curtain sysctl(7) to a non-zero value.
It can be enabled at any time, but cannot be disabled anymore when the securelevel of the system is above 0.
Non-superuser mounts
When enabled, it allows file-systems to be mounted by an ordinary user who owns the point node and has at least read access to the special
device mount(8) arguments. Note that the nosuid and nodev flags must be given for non-superuser mounts.
This extension is enabled by setting security.models.extensions.usermount or vfs.generic.usermount sysctl(7) to a non-zero value.
It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.
Non-superuser control of CPU sets
When enabled, an ordinary user is allowed to control the CPU affinity(3) of the processes and threads he owns.
This extension is enabled by setting security.models.extensions.user_set_cpu_affinity sysctl(7) to a non-zero value.
It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.
SEE ALSO affinity(3), sched(3), sysctl(7), kauth(9), secmodel(9), secmodel_bsd44(9), secmodel_securelevel(9), secmodel_suser(9)AUTHORS
Elad Efrat <elad@NetBSD.org>
BSD December 3, 2011 BSD
Introduction
I have seen some misinformation regarding Unix file permissions. I will try to set the record straight. Take a look at this example of some output from ls:
$ ls -ld /usr/bin /usr/bin/cat
drwxrwxr-x 3 root bin 8704 Sep 23 2004 /usr/bin
-r-xr-xr-x 1 bin bin ... (6 Replies)
I have a file which looks roughly like this:
996 mmmmmmm
996 xxxxxxxxxxxxx
99600 ssssssssss
9964 fffffffffffff
and would like to sort it numerically on the first field. I tried:
sort -nr --key=1 ....
The output I get is:
99600 ssssssssss
9964 ... (3 Replies)
Suppose I have a main() function with only one malloc statement allocating say some 1 gb memory. Also say my system has 1 gb of ram.
main()
{
malloc(1gb)
return(0)
}
The program above exits without freeing the memory.
In this case will the 1 gb of heap memory be returned... (9 Replies)
I'm trying to install a PGX32 video card on my Sparc 10 Ultra running Solaris 10.
I've got the Oracle installation guide for it and I got as far as:
"4. Insert the CD-ROM labeled “GFX OpenWindows for Solaris 2” into the drive."
I don't have a CD-ROM by that name and a web search for that... (21 Replies)
Hey All,
Quick question...
I'm writing a short script to check if a continuous port is running on a server.
I'm using "ps -ef | grep -v grep | grep processName" and I was wondering if it was better/more reliable to just check the
return code from the command or if its better to pipe to... (12 Replies)
I installed NetBSD 6.1.2 amd64 and can't find the apm utility. Is it not in the base system?
Is it necessary to recompile the default amd64 kernel to use apm?
Or is there a new method for power management and suspend/resume? (2 Replies)
Hi,
I am learning shell scripting for the first time. I use AT&T Korn Shell, Version AJM 93u+ 2012-08-01, compiled from source on NetBSD.
So far I have managed to set up what I think is a useful and pleasing shell prompt, which can be seen in the image attached to this post.
The prompt is... (2 Replies)
Hey gang, I have a list of times I need to sum up. This list can vary from a few to a few thousand entries. Now I had found a closed reference to adding time titled "add up time with xx:yy format in bash how?" In it, the example works great for that formatted list of times... This is the reply code... (5 Replies)
Usually when I on the evening go to bed I take some interesting book with me. I read it for a while to get me down to sleep. Probably most people seek information from the Nett by googleing but I am so oldfashioned I prefer a real book ;)
But what a book. The one I found and ordered is BSD Unix®... (0 Replies)
On the late 1960s I got short hands on experience with a russian "small" computer. It vas a copy of DEC's VAX ... and running some version of BSD-Unix. After that I worked in a university following the development of computing. After retire I started collecting old pc's and installing... (13 Replies)