Provide a simple sample labeled access control policy, mac_partition.
This policy can be loaded dynamically, and assigns each process a partition number, as well as permitting processes to operate outside the partition. Processes contained in a partition can only "see" processes inside the same partition, so it's a little like jail. The partition of a user can be set using the label mechanisms in login.conf. This sample policy is a good starting point for developers wanting to learn about how to produce labeled policies, as it labels only one kernel object, the process credential. PR: Submitted by: Reviewed by: Approved by: Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson
parent
cbfcb39874
commit
5136300015
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=105827
@ -68,6 +68,7 @@ SUBDIR= 3dfx \
|
||||
mac_ifoff \
|
||||
mac_mls \
|
||||
mac_none \
|
||||
mac_partition \
|
||||
mac_seeotheruids \
|
||||
mac_test \
|
||||
mcd \
|
||||
|
||||
Loading…
Reference in New Issue
Block a user