diff options
author | Daniel Gerzo <danger@FreeBSD.org> | 2008-08-21 21:29:21 +0000 |
---|---|---|
committer | Daniel Gerzo <danger@FreeBSD.org> | 2008-08-21 21:29:21 +0000 |
commit | 2aac44f761385b868458a9ac07713d1a4a22c5b9 (patch) | |
tree | 4ee85d2c21c15f56cf31b5196f731c5ab1062387 /en_US.ISO8859-1/books/handbook/mac | |
parent | 15ff27de96528d5f2718ac9de1702b8aee4dd532 (diff) | |
download | doc-2aac44f761385b868458a9ac07713d1a4a22c5b9.tar.gz doc-2aac44f761385b868458a9ac07713d1a4a22c5b9.zip |
- make mac-seeotheruids section a separate section, i.e. make it sect1
section, to conform its style with the rest of the chapter.
(No content changes of course)
Notes
Notes:
svn path=/head/; revision=32715
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mac')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/mac/chapter.sgml | 94 |
1 files changed, 47 insertions, 47 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index ff6155e94d..f7d63a8a01 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -853,62 +853,62 @@ test: biba/high</screen> <para>A single label configuration would enforce only one label across the system, that is why the <command>tunefs</command> option is called <option>multilabel</option>.</para> + </sect1> - <sect2 id="mac-seeotheruids"> - <title>The MAC seeotheruids Module</title> + <sect1 id="mac-seeotheruids"> + <title>The MAC seeotheruids Module</title> - <indexterm> - <primary>MAC See Other UIDs Policy</primary> - </indexterm> - <para>Module name: <filename>mac_seeotheruids.ko</filename></para> + <indexterm> + <primary>MAC See Other UIDs Policy</primary> + </indexterm> + <para>Module name: <filename>mac_seeotheruids.ko</filename></para> - <para>Kernel configuration line: - <literal>options MAC_SEEOTHERUIDS</literal></para> + <para>Kernel configuration line: + <literal>options MAC_SEEOTHERUIDS</literal></para> - <para>Boot option: - <literal>mac_seeotheruids_load="YES"</literal></para> + <para>Boot option: + <literal>mac_seeotheruids_load="YES"</literal></para> - <para>The &man.mac.seeotheruids.4; module mimics and extends - the <literal>security.bsd.see_other_uids</literal> and - <literal>security.bsd.see_other_gids</literal> - <command>sysctl</command> tunables. This option does - not require any labels to be set before configuration and - can operate transparently with the other modules.</para> + <para>The &man.mac.seeotheruids.4; module mimics and extends + the <literal>security.bsd.see_other_uids</literal> and + <literal>security.bsd.see_other_gids</literal> + <command>sysctl</command> tunables. This option does + not require any labels to be set before configuration and + can operate transparently with the other modules.</para> - <para>After loading the module, the following - <command>sysctl</command> tunables may be used to control - the features:</para> + <para>After loading the module, the following + <command>sysctl</command> tunables may be used to control + the features:</para> - <itemizedlist> - <listitem> - <para><literal>security.mac.seeotheruids.enabled</literal> - will enable the module's features and use the default - settings. These default settings will deny users the - ability to view processes and sockets owned by other - users.</para> - </listitem> + <itemizedlist> + <listitem> + <para><literal>security.mac.seeotheruids.enabled</literal> + will enable the module's features and use the default + settings. These default settings will deny users the + ability to view processes and sockets owned by other + users.</para> + </listitem> - <listitem> - <para> - <literal>security.mac.seeotheruids.specificgid_enabled</literal> - will allow a certain group to be exempt from this policy. - To exempt specific groups from this policy, use the - <literal>security.mac.seeotheruids.specificgid=<replaceable>XXX</replaceable></literal> - <command>sysctl</command> tunable. In the above example, - the <replaceable>XXX</replaceable> should be replaced with the - numeric group ID to be exempted.</para> - </listitem> + <listitem> + <para> + <literal>security.mac.seeotheruids.specificgid_enabled</literal> + will allow a certain group to be exempt from this policy. + To exempt specific groups from this policy, use the + <literal>security.mac.seeotheruids.specificgid=<replaceable>XXX</replaceable></literal> + <command>sysctl</command> tunable. In the above example, + the <replaceable>XXX</replaceable> should be replaced with the + numeric group ID to be exempted.</para> + </listitem> - <listitem> - <para> - <literal>security.mac.seeotheruids.primarygroup_enabled</literal> - is used to exempt specific primary groups from this policy. - When using this tunable, the - <literal>security.mac.seeotheruids.specificgid_enabled</literal> - may not be set.</para> - </listitem> - </itemizedlist> - </sect2> + <listitem> + <para> + <literal>security.mac.seeotheruids.primarygroup_enabled</literal> + is used to exempt specific primary groups from this policy. + When using this tunable, the + <literal>security.mac.seeotheruids.specificgid_enabled</literal> + may not be set.</para> + </listitem> + </itemizedlist> </sect1> <sect1 id="mac-bsdextended"> |