mac(4): also list jails in the example enumeration of objects
The prison may also be considered part of the subject by way of its ucred association, but I don't think this is significantly different enough today than before recent work -- policies could have always taken them into account, and some did (e.g., mac_bsdextended). Reported by: olce Reviewed by: olce, ziaee Differential Revision: https://reviews.freebsd.org/D54748
This commit is contained in:
@@ -28,7 +28,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd January 15, 2026
|
.Dd January 16, 2026
|
||||||
.Dt MAC 4
|
.Dt MAC 4
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@@ -68,7 +68,7 @@ Currently, the following MAC policy modules are shipped with
|
|||||||
.El
|
.El
|
||||||
.Ss MAC Labels
|
.Ss MAC Labels
|
||||||
Each system subject (processes, sockets, etc.) and each system object
|
Each system subject (processes, sockets, etc.) and each system object
|
||||||
(file system objects, sockets, etc.) can carry with it a MAC label.
|
(file system objects, jails, sockets, etc.) can carry with it a MAC label.
|
||||||
MAC labels contain data in an arbitrary format
|
MAC labels contain data in an arbitrary format
|
||||||
taken into consideration in making access control decisions
|
taken into consideration in making access control decisions
|
||||||
for a given operation.
|
for a given operation.
|
||||||
|
|||||||
Reference in New Issue
Block a user