*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->FreeBSD man pages -> mac_partition (4)              
Title
Content
Arch
Section
 

MAC_PARTITION(4)

Contents

NAME    [Toc]    [Back]

     mac_partition -- process partition policy

SYNOPSIS    [Toc]    [Back]

     To compile the process partition policy into your kernel, place the following
 lines in your kernel configuration file:

	   options MAC
	   options MAC_PARTITION

     Alternately, to load the process partition module at boot time, place the
     following line in your kernel configuration file:

	   options MAC

     and in loader.conf(5):

	   mac_partition_load="YES"

DESCRIPTION    [Toc]    [Back]

     The mac_partition policy module implements a process partition policy,
     which allows administrators to place running processes into
     ``partitions'', based on their numeric process partition (specified in
     the process's MAC label).	Processes with a specified partition can only
     see processes that are in the same partition.  If no partition is specified
 for a process, it can see all other processes in the system (subject
     to other MAC policy restrictions not defined in this man page).  No provisions
 for placing processes into multiple partitions are available.

   Label Format    [Toc]    [Back]
     Partition labels take on the following format:

	   partition/value

     Where value can be any integer value or ``none''.	For example:

	   partition/1
	   partition/20
	   partition/none

SEE ALSO    [Toc]    [Back]

      
       
     lomac(4), mac(4), mac_biba(4), mac_bsdextended(4), mac_ifoff(4),
     mac_lomac(4), mac_mls(4), mac_none(4), mac_portacl(4),
     mac_seeotheruids(4), mac_test(4), maclabel(7), mac(9)

HISTORY    [Toc]    [Back]

     The mac_partition policy module first appeared in FreeBSD 5.0 and was
     developed by the TrustedBSD Project.

AUTHORS    [Toc]    [Back]

     This software was contributed to the FreeBSD Project by Network Associates
 Labs, the Security Research Division of Network Associates Inc.
     under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the
     DARPA CHATS research program.

BUGS    [Toc]    [Back]

     See mac(9) concerning appropriateness for production use.	The TrustedBSD
     MAC Framework is considered experimental in FreeBSD.

     While the MAC Framework design is intended to support the containment of
     the root user, not all attack channels are currently protected by entry
     point checks.  As such, MAC Framework policies should not be relied on,
     in isolation, to protect against a malicious privileged user.


FreeBSD 5.2.1		       December 9, 2002 		 FreeBSD 5.2.1
[ Back ]
 Similar pages
Name OS Title
sched_getscheduler IRIX get the scheduling policy of a process
sched_setscheduler IRIX set the scheduling policy of a process
sched_getscheduler Tru64 Returns the scheduling policy of a process (P1003.1b)
sched_rr_get_interval Tru64 Returns the current quantum for process execution under the SCHED_RR policy (P1003.1b)
set_usage Tru64 checks whether a disk partition is in use and sets the fstype of the partition in the disk label
sched_setscheduler Tru64 Sets the scheduling policy and scheduling parameters of the specified process (P1003.1b)
parcreate HP-UX create a new partition
root IRIX partition names
parmodify HP-UX modify an existing partition
fdisk OpenBSD DOS partition maintenance program
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service