mac(4): also list jails in the example enumeration of objects
The prison may also be considered part of the subject by way of its ucred association, but I don't think this is significantly different enough today than before recent work -- policies could have always taken them into account, and some did (e.g., mac_bsdextended). Reported by: olce Reviewed by: olce, ziaee Differential Revision: https://reviews.freebsd.org/D54748
This commit is contained in:
@@ -28,7 +28,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd January 15, 2026
|
||||
.Dd January 16, 2026
|
||||
.Dt MAC 4
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -68,7 +68,7 @@ Currently, the following MAC policy modules are shipped with
|
||||
.El
|
||||
.Ss MAC Labels
|
||||
Each system subject (processes, sockets, etc.) and each system object
|
||||
(file system objects, sockets, etc.) can carry with it a MAC label.
|
||||
(file system objects, jails, sockets, etc.) can carry with it a MAC label.
|
||||
MAC labels contain data in an arbitrary format
|
||||
taken into consideration in making access control decisions
|
||||
for a given operation.
|
||||
|
||||
Reference in New Issue
Block a user