IPnom Home • Manuals • FreeBSD

 FreeBSD Man Pages

Man Sections:Commands (1)System Calls (2)Library Functions (3)Device Drivers (4)File Formats (5)Miscellaneous (7)System Utilities (8)
Keyword Live Search (10 results max):
 Type in part of a command in the search box.
 
Index:
  CPU_ELAN(4)
  CPU_SOEKRIS(4)
  aac(4)
  acd(4)
  acpi(4)
  acpi_asus(4)
  acpi_panasonic(4)
  acpi_thermal(4)
  acpi_toshiba(4)
  acpi_video(4)
  ad(4)
  adv(4)
  adw(4)
  afd(4)
  agp(4)
  agpgart(4)
  aha(4)
  ahb(4)
  ahc(4)
  ahd(4)
  aic(4)
  aio(4)
  alpm(4)
  altq(4)
  amd(4)
  amdpm(4)
  amr(4)
  an(4)
  apm(4)
  ar(4)
  arcmsr(4)
  arl(4)
  arp(4)
  asr(4)
  ast(4)
  ata(4)
  atapicam(4)
  ath(4)
  ath_hal(4)
  atkbd(4)
  atkbdc(4)
  aue(4)
  awi(4)
  axe(4)
  bfe(4)
  bge(4)
  bktr(4)
  blackhole(4)
  bpf(4)
  bridge(4)
  brooktree(4)
  bt(4)
  cam(4)
  card(4)
  cardbus(4)
  carp(4)
  cbb(4)
  ccd(4)
  cd(4)
  cdce(4)
  ch(4)
  ciss(4)
  cm(4)
  cnw(4)
  cp(4)
  cpufreq(4)
  crypto(4)
  cryptodev(4)
  cs(4)
  ct(4)
  ctau(4)
  cue(4)
  cx(4)
  cy(4)
  da(4)
  dc(4)
  dcons(4)
  dcons_crom(4)
  ddb(4)
  de(4)
  devctl(4)
  digi(4)
  disc(4)
  divert(4)
  dpt(4)
  dummynet(4)
  ed(4)
  ef(4)
  ehci(4)
  el(4)
  em(4)
  en(4)
  ep(4)
  esp(4)
  ex(4)
  exca(4)
  faith(4)
  fast_ipsec(4)
  fatm(4)
  fd(4)
  fdc(4)
  fe(4)
  fea(4)
  firewire(4)
  fla(4)
  fpa(4)
  fwe(4)
  fwip(4)
  fwohci(4)
  fxp(4)
  gbde(4)
  gdb(4)
  gem(4)
  geom(4)
  gif(4)
  gre(4)
  gx(4)
  harp(4)
  hatm(4)
  hfa(4)
  hifn(4)
  hme(4)
  hptmv(4)
  i4b(4)
  i4bcapi(4)
  i4bctl(4)
  i4bing(4)
  i4bipr(4)
  i4bisppp(4)
  i4bq921(4)
  i4bq931(4)
  i4brbch(4)
  i4btel(4)
  i4btrc(4)
  iavc(4)
  ichsmb(4)
  ichwd(4)
  icmp(4)
  icmp6(4)
  ida(4)
  idt(4)
  ie(4)
  ieee80211(4)
  if_an(4)
  if_aue(4)
  if_awi(4)
  if_axe(4)
  if_bfe(4)
  if_bge(4)
  if_cue(4)
  if_dc(4)
  if_de(4)
  if_disc(4)
  if_ed(4)
  if_ef(4)
  if_em(4)
  if_en(4)
  if_faith(4)
  if_fatm(4)
  if_fwe(4)
  if_fwip(4)
  if_fxp(4)
  if_gem(4)
  if_gif(4)
  if_gre(4)
  if_gx(4)
  if_hatm(4)
  if_hme(4)
  if_idt(4)
  if_kue(4)
  if_lge(4)
  if_my(4)
  if_ndis(4)
  if_nge(4)
  if_oltr(4)
  if_patm(4)
  if_pcn(4)
  if_ppp(4)
  if_re(4)
  if_rl(4)
  if_rue(4)
  if_sbni(4)
  if_sbsh(4)
  if_sf(4)
  if_sis(4)
  if_sk(4)
  if_sl(4)
  if_sn(4)
  if_ste(4)
  if_stf(4)
  if_tap(4)
  if_ti(4)
  if_tl(4)
  if_tun(4)
  if_tx(4)
  if_txp(4)
  if_udav(4)
  if_vge(4)
  if_vlan(4)
  if_vr(4)
  if_wb(4)
  if_wi(4)
  if_xe(4)
  if_xl(4)
  ifmib(4)
  ifpi(4)
  ifpi2(4)
  ifpnp(4)
  ihfc(4)
  iic(4)
  iicbb(4)
  iicbus(4)
  iicsmb(4)
  iir(4)
  imm(4)
  inet(4)
  inet6(4)
  intpm(4)
  intro(4)
  io(4)
  ip(4)
  ip6(4)
  ipaccounting(4)
  ipacct(4)
  ipf(4)
  ipfirewall(4)
  ipfw(4)
  ipl(4)
  ipnat(4)
  ips(4)
  ipsec(4)
  isic(4)
  isp(4)
  ispfw(4)
  itjc(4)
  iwic(4)
  ixgb(4)
  joy(4)
  kame(4)
  keyboard(4)
  kld(4)
  kmem(4)
  ktr(4)
  kue(4)
  led(4)
  lge(4)
  linux(4)
  lnc(4)
  lo(4)
  longrun(4)
  loop(4)
  lp(4)
  lpbb(4)
  lpt(4)
  mac(4)
  mac_biba(4)
  mac_bsdextended(4)
  mac_ifoff(4)
  mac_lomac(4)
  mac_mls(4)
  mac_none(4)
  mac_partition(4)
  mac_portacl(4)
  mac_seeotheruids(4)
  mac_stub(4)
  mac_test(4)
  mcd(4)
  md(4)
  mem(4)
  meteor(4)
  miibus(4)
  mlx(4)
  mly(4)
  mouse(4)
  mpt(4)
  mse(4)
  mtio(4)
  multicast(4)
  my(4)
  natm(4)
  natmip(4)
  ncr(4)
  ncv(4)
  ndis(4)
  net(4)
  netgraph(4)
  netintro(4)
  networking(4)
  ng_UI(4)
  ng_async(4)
  ng_atm(4)
  ng_atmllc(4)
  ng_atmpif(4)
  ng_bluetooth(4)
  ng_bpf(4)
  ng_bridge(4)
  ng_bt3c(4)
  ng_btsocket(4)
  ng_ccatm(4)
  ng_cisco(4)
  ng_device(4)
  ng_echo(4)
  ng_eiface(4)
  ng_etf(4)
  ng_ether(4)
  ng_fec(4)
  ng_frame_relay(4)
  ng_gif(4)
  ng_gif_demux(4)
  ng_h4(4)
  ng_hci(4)
  ng_hole(4)
  ng_hub(4)
  ng_iface(4)
  ng_ip_input(4)
  ng_ksocket(4)
  ng_l2cap(4)
  ng_l2tp(4)
  ng_lmi(4)
  ng_mppc(4)
  ng_netflow(4)
  ng_one2many(4)
  ng_ppp(4)
  ng_pppoe(4)
  ng_pptpgre(4)
  ng_rfc1490(4)
  ng_socket(4)
  ng_split(4)
  ng_sppp(4)
  ng_sscfu(4)
  ng_sscop(4)
  ng_tee(4)
  ng_tty(4)
  ng_ubt(4)
  ng_uni(4)
  ng_vjc(4)
  ng_vlan(4)
  nge(4)
  nmdm(4)
  npx(4)
  nsp(4)
  null(4)
  ohci(4)
  oldcard(4)
  oltr(4)
  opie(4)
  orm(4)
  pae(4)
  pass(4)
  patm(4)
  pccard(4)
  pccbb(4)
  pcf(4)
  pci(4)
  pcic(4)
  pcm(4)
  pcn(4)
  pcvt(4)
  perfmon(4)
  pf(4)
  pflog(4)
  pfsync(4)
  pim(4)
  plip(4)
  pnp(4)
  pnpbios(4)
  polling(4)
  ppbus(4)
  ppc(4)
  ppi(4)
  ppp(4)
  psm(4)
  pst(4)
  pt(4)
  pty(4)
  puc(4)
  random(4)
  rawip(4)
  ray(4)
  rc(4)
  re(4)
  rl(4)
  rndtest(4)
  route(4)
  rp(4)
  rue(4)
  sa(4)
  sab(4)
  safe(4)
  sbni(4)
  sbp(4)
  sbp_targ(4)
  sbsh(4)
  sc(4)
  scbus(4)
  scd(4)
  sched_4bsd(4)
  sched_ule(4)
  screen(4)
  screensaver(4)
  scsi(4)
  sem(4)
  ses(4)
  sf(4)
  si(4)
  sio(4)
  sis(4)
  sk(4)
  skey(4)
  sl(4)
  smapi(4)
  smb(4)
  smbus(4)
  smp(4)
  sn(4)
  snc(4)
  snd(4)
  snd_ad1816(4)
  snd_als4000(4)
  snd_cmi(4)
  snd_cs4281(4)
  snd_csa(4)
  snd_ds1(4)
  snd_emu10k1(4)
  snd_es137x(4)
  snd_ess(4)
  snd_fm801(4)
  snd_gusc(4)
  snd_ich(4)
  snd_maestro(4)
  snd_maestro3(4)
  snd_neomagic(4)
  snd_sbc(4)
  snd_solo(4)
  snd_uaudio(4)
  snd_via8233(4)
  snd_via82c686(4)
  snd_vibes(4)
  snp(4)
  sound(4)
  speaker(4)
  spic(4)
  spkr(4)
  splash(4)
  sppp(4)
  sr(4)
  stderr(4)
  stdin(4)
  stdout(4)
  ste(4)
  stf(4)
  stg(4)
  streams(4)
  svr4(4)
  sym(4)
  syncache(4)
  syncer(4)
  syncookies(4)
  syscons(4)
  sysmouse(4)
  tap(4)
  targ(4)
  tcp(4)
  tdfx(4)
  termios(4)
  ti(4)
  tl(4)
  trm(4)
  ttcp(4)
  tty(4)
  tun(4)
  twa(4)
  twe(4)
  tx(4)
  txp(4)
  uart(4)
  ubsa(4)
  ubsec(4)
  ubser(4)
  ubtbcmfw(4)
  ucom(4)
  udav(4)
  udbp(4)
  udp(4)
  ufm(4)
  uftdi(4)
  ugen(4)
  uhci(4)
  uhid(4)
  uhidev(4)
  ukbd(4)
  ulpt(4)
  umass(4)
  umct(4)
  umodem(4)
  ums(4)
  unix(4)
  uplcom(4)
  urio(4)
  usb(4)
  uscanner(4)
  utopia(4)
  uvisor(4)
  uvscom(4)
  vga(4)
  vge(4)
  viapm(4)
  vinum(4)
  vinumdebug(4)
  vlan(4)
  vn(4)
  vpd(4)
  vpo(4)
  vr(4)
  vt(4)
  vx(4)
  watchdog(4)
  wb(4)
  wd(4)
  wdc(4)
  wi(4)
  witness(4)
  wl(4)
  wlan(4)
  worm(4)
  xe(4)
  xl(4)
  xpt(4)
  zero(4)

mac_mls(4)

NAME

     mac_mls -- Multi-Level Security confidentiality policy


SYNOPSIS

     To compile MLS into your kernel, place the following lines in your kernel
     configuration file:

	   options MAC
	   options MAC_MLS

     Alternately, to load the MLS module at boot time, place the following
     line in your kernel configuration file:

	   options MAC

     and in loader.conf(5):

	   mac_mls_load="YES"


DESCRIPTION

     The mac_mls policy module implements the Multi-Level Security, or MLS
     model, which controls access between subjects and objects based on their
     confidentiality by means of a strict information flow policy.  Each sub-
     ject and object in the system has an MLS label associated with it; each
     subject's MLS label contains information on its clearance level, and each
     object's MLS label contains information on its classification.

     In MLS, all system subjects and objects are assigned confidentiality
     labels, made up of a sensitivity level and zero or more compartments.
     Together, these label elements permit all labels to be placed in a par-
     tial order, with confidentiality protections based on a dominance opera-
     tor describing the order.	The sensitivity level is expressed as a value
     between 0 and 65535, with higher values reflecting higher sensitivity
     levels.  The compartment field is expressed as a set of up to 256 compo-
     nents, numbered from 1 to 256.  A complete label consists of both sensi-
     tivity and compartment elements.

     With normal labels, dominance is defined as a label having a higher or
     equal active sensitivity level, and having at least all of the same com-
     partments as the label to which it is being compared.  With respect to
     label comparisons, ``lower'' is defined as being dominated by the label
     to which it is being compared, and ``higher'' is defined as dominating
     the label to which it is being compared, and ``equal'' is defined as both
     labels being able to satisfy the dominance requirements over one another.

     Three special label values exist:

	   Label	Comparison
	   mls/low	dominated by all other labels
	   mls/equal	equal to all other labels
	   mls/high	dominates all other labels

     The ``mls/equal'' label may be applied to subjects and objects for which
     no enforcement of the MLS security policy is desired.

     The MLS model enforces the following basic restrictions:

     o	 Subjects may not write to objects with a lower classification level
	 than its own clearance level.

     o	 A subject may read and write to an object if its clearance level is
	 equal to the object's classification level as though MLS protections
	 were not in place.

     These rules prevent subjects of lower clearance from gaining access
     information classified beyond its clearance level in order to protect the
     confidentiality of classified information, subjects of higher clearance
     from writing to objects of lower classification in order to prevent the
     accidental or malicious leaking of information, and subjects of lower
     clearance from observing subjects of higher clearance altogether.	In
     traditional trusted operating systems, the MLS confidentiality model is
     used in concert with the Biba integrity model (mac_biba(4)) in order to
     protect the Trusted Code Base (TCB).

   Label Format
     Almost all system objects are tagged with an effective, active label ele-
     ment, reflecting the classification of the object, or classification of
     the data contained in the object.	In general, object labels are repre-
     sented in the following form:

	   mls/grade:compartments

     For example:

	   mls/10:2+3+6
	   mls/low

     Subject labels consist of three label elements: an effective (active)
     label, as well as a range of available labels.  This range is represented
     using two ordered MLS label elements, and when set on a process, permits
     the process to change its active label to any label of greater or equal
     integrity to the low end of the range, and lesser or equal integrity to
     the high end of the range.  In general, subject labels are represented in
     the following form:

	   mls/effectivegrade:effectivecompartments(lograde:locompartments-
	   higrade:hicompartments)

     For example:

	   mls/10:2+3+6(5:2+3-20:2+3+4+5+6)
	   mls/high(low-high)

     Valid ranged labels must meet the following requirement regarding their
     elements:

	   rangehigh >= effective >= rangelow

     One class of objects with ranges currently exists, the network interface.
     In the case of the network interface, the effective label element refer-
     ences the default label for packets received over the interface, and the
     range represents the range of acceptable labels of packets to be trans-
     mitted over the interface.

   Runtime Configuration

     security.mac.mls.revocation_enabled
				  Revoke access to objects if the label is
				  changed to a more sensitive level than the
				  subject.  (Default: 0).


IMPLEMENTATION NOTES

     Currently, the mac_mls policy relies on superuser status (suser(9)) in
     order to change network interface MLS labels.  This will eventually go
     away, but it is currently a liability and may allow the superuser to
     bypass MLS protections.


SEE ALSO

     mac(4), mac_biba(4), mac_bsdextended(4), mac_ifoff(4), mac_lomac(4),
     mac_mls(4), mac_none(4), mac_partition(4), mac_portacl(4),
     mac_seeotheruids(4), mac_test(4), maclabel(7), mac(9)


HISTORY

     The mac_mls policy module first appeared in FreeBSD 5.0 and was developed
     by the TrustedBSD Project.


AUTHORS

     This software was contributed to the FreeBSD Project by Network Asso-
     ciates Laboratories, the Security Research Division of Network Associates
     Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of
     the DARPA CHATS research program.


BUGS

     See mac(9) concerning appropriateness for production use.	The TrustedBSD
     MAC Framework is considered experimental in FreeBSD.

     While the MAC Framework design is intended to support the containment of
     the root user, not all attack channels are currently protected by entry
     point checks.  As such, MAC Framework policies should not be relied on,
     in isolation, to protect against a malicious privileged user.

FreeBSD 5.4		       December 1, 2002 		   FreeBSD 5.4

SPONSORED LINKS




Man(1) output converted with man2html , sed , awk