Bring mac_bsdextended section up to date a little bit. Discuss the first
match enable and ruleset load on start up options.
Tom Rhodes 2006-03-31 09:58:04 +00:00
parent b39569b8cd
commit d889e662c0
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=27440


@ -934,9 +934,17 @@ test: biba/high</screen>
firewall. This module's policy provides an extension to the firewall. This module's policy provides an extension to the
standard file system permissions model, permitting an standard file system permissions model, permitting an
administrator to create a firewall-like ruleset to protect files, administrator to create a firewall-like ruleset to protect files,
utilities, and directories in the file system hierarchy.</para> utilities, and directories in the file system hierarchy. When
access to a file system object is attempted, the list of rules
is iterated until either a matching rule is located or the end
is reached. This behavior may be changed by the use of a
&man.sysctl.8; parameter,
security.mac.bsdextended.firstmatch_enabled is set. Similar to
other fire wall modules in &os;, a file containing access control
rules can be created and read by the system at boot time using
an &man.rc.conf.5; variable.</para>
<para>The policy may be created using a utility, &man.ugidfw.8;, <para>The rule list may be created using a utility, &man.ugidfw.8;,
that has a syntax similar to that of &man.ipfw.8;. More tools that has a syntax similar to that of &man.ipfw.8;. More tools
can be written by using the functions in the can be written by using the functions in the
&man.libugidfw.3; library.</para> &man.libugidfw.3; library.</para>
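Review bot: the added sentence "This behavior may be changed by the use of a &man.sysctl.8; parameter, security.mac.bsdextended.firstmatch_enabled is set." does not parse, and it leaves unclear what the tunable changes, because the sentence before it already describes iterating "until either a matching rule is located or the end is reached". Suggest stating the behavior with the tunable unset and with it set in one sentence, for example "This behavior may be changed by setting the &man.sysctl.8; parameter security.mac.bsdextended.firstmatch_enabled", and wrapping the sysctl name in the markup the chapter uses for tunables instead of leaving it as bare text. In the following sentence, "fire wall modules" should read "firewall modules" to match the spelling used earlier in the same paragraph. The &man.rc.conf.5; variable is mentioned but never named, so a reader cannot act on it; name the variable, and the file it loads if there is a default, so an administrator can confirm the ruleset is actually applied at boot.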