8c7327e183
This policy can be loaded dynamically, and assigns each process a partition number, as well as permitting processes to operate outside the partition. Processes contained in a partition can only "see" processes inside the same partition, so it's a little like jail. The partition of a user can be set using the label mechanisms in login.conf. This sample policy is a good starting point for developers wanting to learn about how to produce labeled policies, as it labels only one kernel object, the process credential. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories |
||
|---|---|---|
| .. | ||
| lomac | ||
| mac | ||
| mac_biba | ||
| mac_bsdextended | ||
| mac_ifoff | ||
| mac_mls | ||
| mac_none | ||
| mac_partition | ||
| mac_seeotheruids | ||
| mac_stub | ||
| mac_test | ||