8c7327e183
This policy can be loaded dynamically, and assigns each process a partition number, as well as permitting processes to operate outside the partition. Processes contained in a partition can only "see" processes inside the same partition, so it's a little like jail. The partition of a user can be set using the label mechanisms in login.conf. This sample policy is a good starting point for developers wanting to learn about how to produce labeled policies, as it labels only one kernel object, the process credential. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories |
||
|---|---|---|
| .. | ||
| mac_partition.c | ||
| mac_partition.h | ||