From 208a8b953215180de3134785b3950d3709047624 Mon Sep 17 00:00:00 2001 From: Edward Tomasz Napierala Date: Sat, 25 Jul 2015 15:56:49 +0000 Subject: [PATCH] Update Capsicum and Mandatory Access Control manual pages to no longer claim they are experimental. Reviewed by: rwatson@, wblock@ MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D2985 --- lib/libc/posix1e/mac.3 | 13 +------------ lib/libc/posix1e/mac.conf.5 | 13 +------------ share/man/man4/capsicum.4 | 6 +----- share/man/man4/mac.4 | 10 +--------- share/man/man4/mac_ifoff.4 | 10 +--------- share/man/man4/mac_mls.4 | 10 +--------- share/man/man4/mac_none.4 | 10 +--------- share/man/man4/mac_partition.4 | 10 +--------- share/man/man4/mac_seeotheruids.4 | 10 +--------- share/man/man4/mac_stub.4 | 10 +--------- share/man/man4/mac_test.4 | 10 +--------- share/man/man4/procdesc.4 | 6 +----- share/man/man9/mac.9 | 17 +---------------- 13 files changed, 13 insertions(+), 122 deletions(-) diff --git a/lib/libc/posix1e/mac.3 b/lib/libc/posix1e/mac.3 index af162f8a5a46..5d2d5c4f49df 100644 --- a/lib/libc/posix1e/mac.3 +++ b/lib/libc/posix1e/mac.3 @@ -31,7 +31,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 7, 2009 +.Dd July 25, 2015 .Dt MAC 3 .Os .Sh NAME @@ -163,14 +163,3 @@ Support for Mandatory Access Control was introduced in as part of the .Tn TrustedBSD Project. -.Sh BUGS -The -.Tn TrustedBSD -MAC Framework and associated policies, interfaces, and -applications are considered to be an experimental feature in -.Fx . -Sites considering production deployment should keep the experimental -status of these services in mind during any deployment process. -See also -.Xr mac 9 -for related considerations regarding the kernel framework. diff --git a/lib/libc/posix1e/mac.conf.5 b/lib/libc/posix1e/mac.conf.5 index a8dfba214393..3946be18db16 100644 --- a/lib/libc/posix1e/mac.conf.5 +++ b/lib/libc/posix1e/mac.conf.5 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 19, 2003 +.Dd July 25, 2015 .Dt MAC.CONF 5 .Os .Sh NAME @@ -110,14 +110,3 @@ Support for Mandatory Access Control was introduced in as part of the .Tn TrustedBSD Project. -.Sh BUGS -The -.Tn TrustedBSD -MAC Framework and associated policies, interfaces, and -applications are considered to be an experimental feature in -.Fx . -Sites considering production deployment should keep the experimental -status of these services in mind during any deployment process. -See also -.Xr mac 9 -for related considerations regarding the kernel framework. diff --git a/share/man/man4/capsicum.4 b/share/man/man4/capsicum.4 index 9290cbcf0328..1d208b04a94c 100644 --- a/share/man/man4/capsicum.4 +++ b/share/man/man4/capsicum.4 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 19, 2013 +.Dd July 25, 2015 .Dt CAPSICUM 4 .Os .Sh NAME @@ -125,7 +125,3 @@ and .An Kris Kennaway Aq Mt kris@FreeBSD.org at Google, Inc., and .An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net . -.Sh BUGS -.Nm -is considered experimental in -.Fx . diff --git a/share/man/man4/mac.4 b/share/man/man4/mac.4 index b1ff1d951d8e..0c143139d7e0 100644 --- a/share/man/man4/mac.4 +++ b/share/man/man4/mac.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 30, 2007 +.Dd July 25, 2015 .Dt MAC 4 .Os .Sh NAME @@ -239,14 +239,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/mac_ifoff.4 b/share/man/man4/mac_ifoff.4 index 87c73b250888..3800eeaf4cb4 100644 --- a/share/man/man4/mac_ifoff.4 +++ b/share/man/man4/mac_ifoff.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 10, 2002 +.Dd July 25, 2015 .Dt MAC_IFOFF 4 .Os .Sh NAME @@ -118,14 +118,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/mac_mls.4 b/share/man/man4/mac_mls.4 index b314fb5ca3a9..9f98c465bd37 100644 --- a/share/man/man4/mac_mls.4 +++ b/share/man/man4/mac_mls.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 1, 2002 +.Dd July 25, 2015 .Dt MAC_MLS 4 .Os .Sh NAME @@ -236,14 +236,6 @@ Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/mac_none.4 b/share/man/man4/mac_none.4 index ed13ca6f6dc7..ea5b75b34f53 100644 --- a/share/man/man4/mac_none.4 +++ b/share/man/man4/mac_none.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 1, 2002 +.Dd July 25, 2015 .Dt MAC_NONE 4 .Os .Sh NAME @@ -98,14 +98,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/mac_partition.4 b/share/man/man4/mac_partition.4 index 296635edaf06..e19b1bc49731 100644 --- a/share/man/man4/mac_partition.4 +++ b/share/man/man4/mac_partition.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 9, 2002 +.Dd July 25, 2015 .Dt MAC_PARTITION 4 .Os .Sh NAME @@ -118,14 +118,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/mac_seeotheruids.4 b/share/man/man4/mac_seeotheruids.4 index c870ca00d3ed..7cc3e8880915 100644 --- a/share/man/man4/mac_seeotheruids.4 +++ b/share/man/man4/mac_seeotheruids.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 6, 2005 +.Dd July 25, 2015 .Dt MAC_SEEOTHERUIDS 4 .Os .Sh NAME @@ -116,14 +116,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/mac_stub.4 b/share/man/man4/mac_stub.4 index 89491f1605c2..77896876470e 100644 --- a/share/man/man4/mac_stub.4 +++ b/share/man/man4/mac_stub.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 1, 2002 +.Dd July 25, 2015 .Dt MAC_STUB 4 .Os .Sh NAME @@ -101,14 +101,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/mac_test.4 b/share/man/man4/mac_test.4 index e86d4bd0f140..6f14792faee7 100644 --- a/share/man/man4/mac_test.4 +++ b/share/man/man4/mac_test.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 1, 2002 +.Dd July 25, 2015 .Dt MAC_TEST 4 .Os .Sh NAME @@ -102,14 +102,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035 .Pq Dq CBOSS , as part of the DARPA CHATS research program. .Sh BUGS -See -.Xr mac 9 -concerning appropriateness for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks. diff --git a/share/man/man4/procdesc.4 b/share/man/man4/procdesc.4 index ec8c827f29ec..ce32a24646da 100644 --- a/share/man/man4/procdesc.4 +++ b/share/man/man4/procdesc.4 @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 21, 2013 +.Dd July 25, 2015 .Dt PROCDESC 4 .Os .Sh NAME @@ -85,7 +85,3 @@ at the University of Cambridge, and and .An Kris Kennaway Aq Mt kris@FreeBSD.org at Google, Inc. -.Sh BUGS -.Nm -is considered experimental in -.Fx . diff --git a/share/man/man9/mac.9 b/share/man/man9/mac.9 index cc05c5a1f323..d1e86ad79234 100644 --- a/share/man/man9/mac.9 +++ b/share/man/man9/mac.9 @@ -33,7 +33,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 10, 2006 +.Dd July 25, 2015 .Dt MAC 9 .Os .Sh NAME @@ -62,14 +62,6 @@ opportunity to modify security behavior at those MAC API entry points. Both consumers of the API (normal kernel services) and security modules must be aware of the semantics of the API calls, particularly with respect to synchronization primitives (such as locking). -.Ss Note on Appropriateness for Production Use -The -.Tn TrustedBSD -MAC Framework included in -.Fx 5.0 -is considered experimental, and should not be deployed in production -environments without careful consideration of the risks associated with -the use of experimental operating system features. .Ss Kernel Objects Supported by the Framework The MAC framework manages labels on a variety of types of in-kernel objects, including process credentials, vnodes, devfs_dirents, mount @@ -232,13 +224,6 @@ Additional contributors include: and .An Tim Robbins . .Sh BUGS -See the earlier section in this document concerning appropriateness -for production use. -The -.Tn TrustedBSD -MAC Framework is considered experimental in -.Fx . -.Pp While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by entry point checks.