mac_portacl.4 (125790) mac_portacl.4 (130582)
1.\" Copyright (c) 2003 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris Costello
5.\" at Safeport Network Services and Network Associates Labs, the
6.\" Security Research Division of Network Associates, Inc. under
7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
8.\" DARPA CHATS research program.

--- 14 unchanged lines hidden (view full) ---

23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
1.\" Copyright (c) 2003 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris Costello
5.\" at Safeport Network Services and Network Associates Labs, the
6.\" Security Research Division of Network Associates, Inc. under
7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
8.\" DARPA CHATS research program.

--- 14 unchanged lines hidden (view full) ---

23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\" $FreeBSD: head/share/man/man4/mac_portacl.4 125790 2004-02-13 22:08:16Z simon $
31.\" $FreeBSD: head/share/man/man4/mac_portacl.4 130582 2004-06-16 08:33:57Z ru $
32.\"
33.Dd February 13, 2004
34.Dt MAC_PORTACL 4
35.Os
36.Sh NAME
37.Nm mac_portacl
38.Nd "network port access control policy"
39.Sh SYNOPSIS

--- 51 unchanged lines hidden (view full) ---

91.Tn UDP
92socket).
93This policy will not limit ports bound implicitly for outgoing
94connections where the process has not explicitly selected a port:
95these are automatically selected by the IP stack.
96.Pp
97When
98.Nm
32.\"
33.Dd February 13, 2004
34.Dt MAC_PORTACL 4
35.Os
36.Sh NAME
37.Nm mac_portacl
38.Nd "network port access control policy"
39.Sh SYNOPSIS

--- 51 unchanged lines hidden (view full) ---

91.Tn UDP
92socket).
93This policy will not limit ports bound implicitly for outgoing
94connections where the process has not explicitly selected a port:
95these are automatically selected by the IP stack.
96.Pp
97When
98.Nm
99is enabled it will control binding access to ports up to the port
99is enabled, it will control binding access to ports up to the port
100number set in the
101.Va security.mac.portacl.port_high
102.Xr sysctl 8
103variable.
100number set in the
101.Va security.mac.portacl.port_high
102.Xr sysctl 8
103variable.
104By default all attempts to bind to
104By default, all attempts to bind to
105.Nm
106controlled ports will fail if not explicitly allowed by the port
107access control list, though binding by the superuser will be allowed,
108if the
109.Xr sysctl 8
110variable
111.Va security.mac.portacl.suser_exempt
112is set to a non-zero value.

--- 80 unchanged lines hidden (view full) ---

193.Ef
194If the specified port falls within the range specified, the
195.Nm
196entry will not function
197(i.e., even the specified user/group may not be able to bind to the specified
198port).
199.El
200.It Va security.mac.portacl.suser_exempt
105.Nm
106controlled ports will fail if not explicitly allowed by the port
107access control list, though binding by the superuser will be allowed,
108if the
109.Xr sysctl 8
110variable
111.Va security.mac.portacl.suser_exempt
112is set to a non-zero value.
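Review bot: the sentence ending at lines 107-112 still reads "will be allowed, if the sysctl variable security.mac.portacl.suser_exempt is set to a non-zero value", and the comma before that restrictive "if" is the opposite of the comma cleanup made at lines 99 and 104, so drop it in the same commit. Since line 205 gives the default of security.mac.portacl.suser_exempt as 1, the "By default, all attempts to bind ... will fail" sentence should also say that the superuser is exempt by default, so an administrator does not assume root is restricted as soon as the policy is enabled.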

--- 80 unchanged lines hidden (view full) ---

193.Ef
194If the specified port falls within the range specified, the
195.Nm
196entry will not function
197(i.e., even the specified user/group may not be able to bind to the specified
198port).
199.El
200.It Va security.mac.portacl.suser_exempt
201Allow superuser (i.e. root) to bind to all
201Allow superuser (i.e., root) to bind to all
202.Nm
203protected ports, even if the port access control list does not
204explicitly allow this.
205(Default: 1).
206.El
207.Sh SEE ALSO
208.Xr mac 3 ,
209.Xr ip 4 ,

--- 23 unchanged lines hidden ---
202.Nm
203protected ports, even if the port access control list does not
204explicitly allow this.
205(Default: 1).
206.El
207.Sh SEE ALSO
208.Xr mac 3 ,
209.Xr ip 4 ,
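Review bot: line 201 is being touched anyway, so add the missing article there: "Allow the superuser (i.e., root) to bind to all", which matches "binding by the superuser" at line 107. At line 205, "(Default: 1)." is a parenthetical standing as its own sentence with the period outside the parenthesis; "(Default: 1.)" would be consistent with the punctuation fixes in this change.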

--- 23 unchanged lines hidden ---