MFC r285873:

Update Capsicum and Mandatory Access Control manual pages
to no longer claim they are experimental.

Sponsored by:	The FreeBSD Foundation
This commit is contained in:
trasz 2015-08-02 09:34:03 +00:00
parent d141e091d1
commit e063ea3299
13 changed files with 13 additions and 122 deletions

View File

@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd August 7, 2009
.Dd July 25, 2015
.Dt MAC 3
.Os
.Sh NAME
@ -163,14 +163,3 @@ Support for Mandatory Access Control was introduced in
as part of the
.Tn TrustedBSD
Project.
.Sh BUGS
The
.Tn TrustedBSD
MAC Framework and associated policies, interfaces, and
applications are considered to be an experimental feature in
.Fx .
Sites considering production deployment should keep the experimental
status of these services in mind during any deployment process.
See also
.Xr mac 9
for related considerations regarding the kernel framework.

View File

@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd April 19, 2003
.Dd July 25, 2015
.Dt MAC.CONF 5
.Os
.Sh NAME
@ -110,14 +110,3 @@ Support for Mandatory Access Control was introduced in
as part of the
.Tn TrustedBSD
Project.
.Sh BUGS
The
.Tn TrustedBSD
MAC Framework and associated policies, interfaces, and
applications are considered to be an experimental feature in
.Fx .
Sites considering production deployment should keep the experimental
status of these services in mind during any deployment process.
See also
.Xr mac 9
for related considerations regarding the kernel framework.

View File

@ -26,7 +26,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd October 19, 2013
.Dd July 25, 2015
.Dt CAPSICUM 4
.Os
.Sh NAME
@ -124,7 +124,3 @@ and
.An "Kris Kennaway" Aq kris@FreeBSD.org
at Google, Inc., and
.An "Pawel Jakub Dawidek" Aq pawel@dawidek.net .
.Sh BUGS
.Nm
is considered experimental in
.Fx .

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd October 30, 2007
.Dd July 25, 2015
.Dt MAC 4
.Os
.Sh NAME
@ -239,14 +239,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd December 10, 2002
.Dd July 25, 2015
.Dt MAC_IFOFF 4
.Os
.Sh NAME
@ -118,14 +118,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd December 1, 2002
.Dd July 25, 2015
.Dt MAC_MLS 4
.Os
.Sh NAME
@ -236,14 +236,6 @@ Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd December 1, 2002
.Dd July 25, 2015
.Dt MAC_NONE 4
.Os
.Sh NAME
@ -98,14 +98,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd December 9, 2002
.Dd July 25, 2015
.Dt MAC_PARTITION 4
.Os
.Sh NAME
@ -118,14 +118,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd October 6, 2005
.Dd July 25, 2015
.Dt MAC_SEEOTHERUIDS 4
.Os
.Sh NAME
@ -116,14 +116,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd December 1, 2002
.Dd July 25, 2015
.Dt MAC_STUB 4
.Os
.Sh NAME
@ -101,14 +101,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd December 1, 2002
.Dd July 25, 2015
.Dt MAC_TEST 4
.Os
.Sh NAME
@ -102,14 +102,6 @@ under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
See
.Xr mac 9
concerning appropriateness for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.

View File

@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd August 21, 2013
.Dd July 25, 2015
.Dt PROCDESC 4
.Os
.Sh NAME
@ -87,7 +87,3 @@ at the University of Cambridge, and
and
.An "Kris Kennaway" Aq kris@FreeBSD.org
at Google, Inc.
.Sh BUGS
.Nm
is considered experimental in
.Fx .

View File

@ -33,7 +33,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd July 10, 2006
.Dd July 25, 2015
.Dt MAC 9
.Os
.Sh NAME
@ -62,14 +62,6 @@ opportunity to modify security behavior at those MAC API entry points.
Both consumers of the API (normal kernel services) and security modules
must be aware of the semantics of the API calls, particularly with respect
to synchronization primitives (such as locking).
.Ss Note on Appropriateness for Production Use
The
.Tn TrustedBSD
MAC Framework included in
.Fx 5.0
is considered experimental, and should not be deployed in production
environments without careful consideration of the risks associated with
the use of experimental operating system features.
.Ss Kernel Objects Supported by the Framework
The MAC framework manages labels on a variety of types of in-kernel
objects, including process credentials, vnodes, devfs_dirents, mount
@ -232,13 +224,6 @@ Additional contributors include:
and
.An Tim Robbins .
.Sh BUGS
See the earlier section in this document concerning appropriateness
for production use.
The
.Tn TrustedBSD
MAC Framework is considered experimental in
.Fx .
.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.