secmodel_extensions(9) - NetBSD Manual Pages

SECMODEL_EXTENSIONS(9) NetBSD Kernel Developer's Manual SECMODEL_EXTENSIONS(9)


NAME

     secmodel_extensions -- extensions security model


DESCRIPTION

     secmodel_extensions implements extensions to the traditional security
     model based on the original 4.4BSD.  They can be used to grant additional
     privileges to ordinary users, or enable specific security measures like
     curtain mode.

     The extensions are described below.

Curtain mode
     When enabled, all returned objects will be filtered according to the
     user-id requesting information about them, preventing users from access-
     ing objects they do not own.

     It affects the output of many commands, including fstat(1), netstat(1),
     ps(1), sockstat(1), and w(1).

     This extension is enabled by setting security.models.extensions.curtain
     or security.curtain sysctl(7) to a non-zero value.

     It can be enabled at any time, but cannot be disabled anymore when the
     securelevel of the system is above 0.

Non-superuser mounts
     When enabled, it allows file-systems to be mounted by an ordinary user
     who owns the point node and has at least read access to the special
     device mount(8) arguments.  Note that the nosuid and nodev flags must be
     given for non-superuser mounts.

     This extension is enabled by setting security.models.extensions.usermount
     or vfs.generic.usermount sysctl(7) to a non-zero value.

     It can be disabled at any time, but cannot be enabled anymore when the
     securelevel of the system is above 0.

Non-superuser control of CPU sets
     When enabled, an ordinary user is allowed to control the CPU affinity(3)
     of the processes and threads they own.

     This extension is enabled by setting
     security.models.extensions.user_set_cpu_affinity sysctl(7) to a non-zero
     value.

     It can be disabled at any time, but cannot be enabled anymore when the
     securelevel of the system is above 0.

Hardlink restrictions
     Prevent hardlinks to files that the user does not own or has group access
     to.

     To enable user ownership checks, set the sysctl(7) variable
     security.models.extensions.hardlink_check_uid to a non-zero value.

     To enable group membership checks, set the sysctl(7) variable
     security.models.extensions.hardlink_check_gid to a non-zero value.

     These variables can be enabled anytime, but cannot be disabled anymore
     when the securelevel of the system is above 0.


SEE ALSO

     affinity(3), sched(3), sysctl(7), kauth(9), secmodel(9),
     secmodel_bsd44(9), secmodel_securelevel(9), secmodel_suser(9)


AUTHORS

     Elad Efrat <elad@NetBSD.org>

NetBSD 10.99                    March 27, 2022                    NetBSD 10.99

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.