author: Daniel Gerzo <danger@FreeBSD.org> 2008-08-21 21:29:21 +0000
committer: Daniel Gerzo <danger@FreeBSD.org> 2008-08-21 21:29:21 +0000
commit: 2aac44f761385b868458a9ac07713d1a4a22c5b9
tree: 4ee85d2c21c15f56cf31b5196f731c5ab1062387 /en_US.ISO8859-1/books/handbook/mac
parent: 15ff27de96528d5f2718ac9de1702b8aee4dd532
- make mac-seeotheruids section a separate section, i.e. make it sect1
section, to conform its style with the rest of the chapter. (No content changes of course)
Notes: svn path=/head/; revision=32715
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mac')
-rw-r--r-- en_US.ISO8859-1/books/handbook/mac/chapter.sgml 94
1 files changed, 47 insertions, 47 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
index ff6155e94d..f7d63a8a01 100644
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@@ -853,62 +853,62 @@ test: biba/high</screen>
<para>A single label configuration would enforce only one label
across the system, that is why the <command>tunefs</command>
option is called <option>multilabel</option>.</para>
+ </sect1>
- <sect2 id="mac-seeotheruids">
- <title>The MAC seeotheruids Module</title>
+ <sect1 id="mac-seeotheruids">
+ <title>The MAC seeotheruids Module</title>
- <indexterm>
- <primary>MAC See Other UIDs Policy</primary>
- </indexterm>
- <para>Module name: <filename>mac_seeotheruids.ko</filename></para>
+ <indexterm>
+ <primary>MAC See Other UIDs Policy</primary>
+ </indexterm>
+ <para>Module name: <filename>mac_seeotheruids.ko</filename></para>
- <para>Kernel configuration line:
- <literal>options MAC_SEEOTHERUIDS</literal></para>
+ <para>Kernel configuration line:
+ <literal>options MAC_SEEOTHERUIDS</literal></para>
- <para>Boot option:
- <literal>mac_seeotheruids_load="YES"</literal></para>
+ <para>Boot option:
+ <literal>mac_seeotheruids_load="YES"</literal></para>
- <para>The &man.mac.seeotheruids.4; module mimics and extends
- the <literal>security.bsd.see_other_uids</literal> and
- <literal>security.bsd.see_other_gids</literal>
- <command>sysctl</command> tunables. This option does
- not require any labels to be set before configuration and
- can operate transparently with the other modules.</para>
+ <para>The &man.mac.seeotheruids.4; module mimics and extends
+ the <literal>security.bsd.see_other_uids</literal> and
+ <literal>security.bsd.see_other_gids</literal>
+ <command>sysctl</command> tunables. This option does
+ not require any labels to be set before configuration and
+ can operate transparently with the other modules.</para>
- <para>After loading the module, the following
- <command>sysctl</command> tunables may be used to control
- the features:</para>
+ <para>After loading the module, the following
+ <command>sysctl</command> tunables may be used to control
+ the features:</para>
- <itemizedlist>
- <listitem>
- <para><literal>security.mac.seeotheruids.enabled</literal>
- will enable the module's features and use the default
- settings. These default settings will deny users the
- ability to view processes and sockets owned by other
- users.</para>
- </listitem>
+ <itemizedlist>
+ <listitem>
+ <para><literal>security.mac.seeotheruids.enabled</literal>
+ will enable the module's features and use the default
+ settings. These default settings will deny users the
+ ability to view processes and sockets owned by other
+ users.</para>
+ </listitem>
- <listitem>
- <para>
- <literal>security.mac.seeotheruids.specificgid_enabled</literal>
- will allow a certain group to be exempt from this policy.
- To exempt specific groups from this policy, use the
- <literal>security.mac.seeotheruids.specificgid=<replaceable>XXX</replaceable></literal>
- <command>sysctl</command> tunable. In the above example,
- the <replaceable>XXX</replaceable> should be replaced with the
- numeric group ID to be exempted.</para>
- </listitem>
+ <listitem>
+ <para>
+ <literal>security.mac.seeotheruids.specificgid_enabled</literal>
+ will allow a certain group to be exempt from this policy.
+ To exempt specific groups from this policy, use the
+ <literal>security.mac.seeotheruids.specificgid=<replaceable>XXX</replaceable></literal>
+ <command>sysctl</command> tunable. In the above example,
+ the <replaceable>XXX</replaceable> should be replaced with the
+ numeric group ID to be exempted.</para>
+ </listitem>
- <listitem>
- <para>
- <literal>security.mac.seeotheruids.primarygroup_enabled</literal>
- is used to exempt specific primary groups from this policy.
- When using this tunable, the
- <literal>security.mac.seeotheruids.specificgid_enabled</literal>
- may not be set.</para>
- </listitem>
- </itemizedlist>
- </sect2>
+ <listitem>
+ <para>
+ <literal>security.mac.seeotheruids.primarygroup_enabled</literal>
+ is used to exempt specific primary groups from this policy.
+ When using this tunable, the
+ <literal>security.mac.seeotheruids.specificgid_enabled</literal>
+ may not be set.</para>
+ </listitem>
+ </itemizedlist>
</sect1>
<sect1 id="mac-bsdextended">
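Review bot: From `<indexterm>` through `</itemizedlist>` the removed and added lines carry the same text, so nearly all of the 47 insertions and deletions are re-indentation, and the actual structural change (the new `</sect1>` after the multilabel paragraph, `<sect2 id="mac-seeotheruids">` becoming `<sect1 id="mac-seeotheruids">`, and the dropped `</sect2>`) is hard to pick out. Consider committing the tag change on its own and the whitespace change separately, so that anyone diffing the chapter later can confirm at a glance that the policy text was not altered. The nesting does balance: the existing `</sect1>` in the trailing context now closes the promoted section, and the `id` is unchanged, so existing cross-references to `mac-seeotheruids` keep resolving. As a follow-up outside this commit's stated scope, the last list item's "may not be set" reads as either "must not" or "might not"; since `primarygroup_enabled` and `specificgid_enabled` are described as exclusive, "must not be set" would remove the ambiguity.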