mac_portacl.4 (138586) mac_portacl.4 (138626)
1.\" Copyright (c) 2003 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris Costello
5.\" at Safeport Network Services and Network Associates Labs, the
6.\" Security Research Division of Network Associates, Inc. under
7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
8.\" DARPA CHATS research program.

--- 14 unchanged lines hidden (view full) ---

23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
1.\" Copyright (c) 2003 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris Costello
5.\" at Safeport Network Services and Network Associates Labs, the
6.\" Security Research Division of Network Associates, Inc. under
7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
8.\" DARPA CHATS research program.

--- 14 unchanged lines hidden (view full) ---

23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\" $FreeBSD: head/share/man/man4/mac_portacl.4 138586 2004-12-08 18:11:38Z trhodes $
31.\" $FreeBSD: head/share/man/man4/mac_portacl.4 138626 2004-12-09 13:48:33Z trhodes $
32.\"
32.\"
33.Dd December 8, 2004
33.Dd December , 2004
34.Dt MAC_PORTACL 4
35.Os
36.Sh NAME
37.Nm mac_portacl
38.Nd "network port access control policy"
39.Sh SYNOPSIS
40To compile the port access control policy into your kernel,
41place the following lines in your kernel
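Review bot: The new `.Dd` line reads ".Dd December , 2004", with no day of the month, so the rendered page will carry an incomplete document date. The old line had "December 8, 2004" and the new `$FreeBSD$` tag is dated 2004-12-09; the day should be restored so that `.Dd` reflects the date of this content change.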

--- 158 unchanged lines hidden (view full) ---

200.It Va security.mac.portacl.suser_exempt
201Allow superuser (i.e., root) to bind to all
202.Nm
203protected ports, even if the port access control list does not
204explicitly allow this.
205(Default: 1).
206.It Va security.mac.portacl.autoport_exempt
207Allow applications to use automatic binding to port 0.
34.Dt MAC_PORTACL 4
35.Os
36.Sh NAME
37.Nm mac_portacl
38.Nd "network port access control policy"
39.Sh SYNOPSIS
40To compile the port access control policy into your kernel,
41place the following lines in your kernel

--- 158 unchanged lines hidden (view full) ---

200.It Va security.mac.portacl.suser_exempt
201Allow superuser (i.e., root) to bind to all
202.Nm
203protected ports, even if the port access control list does not
204explicitly allow this.
205(Default: 1).
206.It Va security.mac.portacl.autoport_exempt
207Allow applications to use automatic binding to port 0.
208Often applications will use port 0 as a request for
209automatic port allocation before binding an IP address to
210a socket.
211This tunable will exempt port 0 allocation from
212rule checking when a low port will not be used.
213For this to perform as expected,
214.Dv IP_PORTRANGELOW
215is must not be set as it is used to request a
216low port.
208Applications use port 0 as a request for automatic port allocation when
209binding an IP address to a socket.
210This tunable will exempt port 0 allocation from rule checking.
211(Default: 1)
217.El
218.Sh SEE ALSO
219.Xr mac 3 ,
220.Xr ip 4 ,
221.Xr mac_biba 4 ,
222.Xr mac_bsdextended 4 ,
223.Xr mac_ifoff 4 ,
224.Xr mac_mls 4 ,

--- 19 unchanged lines hidden ---
212.El
213.Sh SEE ALSO
214.Xr mac 3 ,
215.Xr ip 4 ,
216.Xr mac_biba 4 ,
217.Xr mac_bsdextended 4 ,
218.Xr mac_ifoff 4 ,
219.Xr mac_mls 4 ,

--- 19 unchanged lines hidden ---
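Review bot: The rewritten `security.mac.portacl.autoport_exempt` entry drops both the qualifier "when a low port will not be used" and the sentence about `IP_PORTRANGELOW`, so the new text no longer says whether the exemption still excludes low-port requests. With the default now documented as 1, an administrator reading "This tunable will exempt port 0 allocation from rule checking." cannot tell whether a port 0 bind combined with `IP_PORTRANGELOW` skips the ACL. If that restriction still applies, keep one sentence stating it; if it no longer applies, say so explicitly, because it changes which ports an unprivileged process can reach without a matching rule. Minor style point on the added last line: "(Default: 1)" has no trailing period, while the `suser_exempt` entry just above uses "(Default: 1)."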