svn commit: r286189 - in stable/10: lib/libc/posix1e share/man/man4 share/man/man9
Edward Tomasz Napierala
trasz at FreeBSD.org
Sun Aug 2 09:34:09 UTC 2015
Author: trasz
Date: Sun Aug 2 09:34:03 2015
New Revision: 286189
URL: https://svnweb.freebsd.org/changeset/base/286189
Log:
MFC r285873:
Update Capsicum and Mandatory Access Control manual pages
to no longer claim they are experimental.
Sponsored by: The FreeBSD Foundation
Modified:
stable/10/lib/libc/posix1e/mac.3
stable/10/lib/libc/posix1e/mac.conf.5
stable/10/share/man/man4/capsicum.4
stable/10/share/man/man4/mac.4
stable/10/share/man/man4/mac_ifoff.4
stable/10/share/man/man4/mac_mls.4
stable/10/share/man/man4/mac_none.4
stable/10/share/man/man4/mac_partition.4
stable/10/share/man/man4/mac_seeotheruids.4
stable/10/share/man/man4/mac_stub.4
stable/10/share/man/man4/mac_test.4
stable/10/share/man/man4/procdesc.4
stable/10/share/man/man9/mac.9
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/lib/libc/posix1e/mac.3
==============================================================================
--- stable/10/lib/libc/posix1e/mac.3 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/lib/libc/posix1e/mac.3 Sun Aug 2 09:34:03 2015 (r286189)
@@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd August 7, 2009
+.Dd July 25, 2015
.Dt MAC 3
.Os
.Sh NAME
@@ -163,14 +163,3 @@ Support for Mandatory Access Control was
as part of the
.Tn TrustedBSD
Project.
-.Sh BUGS
-The
-.Tn TrustedBSD
-MAC Framework and associated policies, interfaces, and
-applications are considered to be an experimental feature in
-.Fx .
-Sites considering production deployment should keep the experimental
-status of these services in mind during any deployment process.
-See also
-.Xr mac 9
-for related considerations regarding the kernel framework.
Modified: stable/10/lib/libc/posix1e/mac.conf.5
==============================================================================
--- stable/10/lib/libc/posix1e/mac.conf.5 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/lib/libc/posix1e/mac.conf.5 Sun Aug 2 09:34:03 2015 (r286189)
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd April 19, 2003
+.Dd July 25, 2015
.Dt MAC.CONF 5
.Os
.Sh NAME
@@ -110,14 +110,3 @@ Support for Mandatory Access Control was
as part of the
.Tn TrustedBSD
Project.
-.Sh BUGS
-The
-.Tn TrustedBSD
-MAC Framework and associated policies, interfaces, and
-applications are considered to be an experimental feature in
-.Fx .
-Sites considering production deployment should keep the experimental
-status of these services in mind during any deployment process.
-See also
-.Xr mac 9
-for related considerations regarding the kernel framework.
Modified: stable/10/share/man/man4/capsicum.4
==============================================================================
--- stable/10/share/man/man4/capsicum.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/capsicum.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -26,7 +26,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 19, 2013
+.Dd July 25, 2015
.Dt CAPSICUM 4
.Os
.Sh NAME
@@ -124,7 +124,3 @@ and
.An "Kris Kennaway" Aq kris at FreeBSD.org
at Google, Inc., and
.An "Pawel Jakub Dawidek" Aq pawel at dawidek.net .
-.Sh BUGS
-.Nm
-is considered experimental in
-.Fx .
Modified: stable/10/share/man/man4/mac.4
==============================================================================
--- stable/10/share/man/man4/mac.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 30, 2007
+.Dd July 25, 2015
.Dt MAC 4
.Os
.Sh NAME
@@ -239,14 +239,6 @@ under DARPA/SPAWAR contract N66001-01-C-
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/mac_ifoff.4
==============================================================================
--- stable/10/share/man/man4/mac_ifoff.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac_ifoff.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 10, 2002
+.Dd July 25, 2015
.Dt MAC_IFOFF 4
.Os
.Sh NAME
@@ -118,14 +118,6 @@ under DARPA/SPAWAR contract N66001-01-C-
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/mac_mls.4
==============================================================================
--- stable/10/share/man/man4/mac_mls.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac_mls.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 1, 2002
+.Dd July 25, 2015
.Dt MAC_MLS 4
.Os
.Sh NAME
@@ -236,14 +236,6 @@ Inc.\& under DARPA/SPAWAR contract N6600
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/mac_none.4
==============================================================================
--- stable/10/share/man/man4/mac_none.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac_none.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 1, 2002
+.Dd July 25, 2015
.Dt MAC_NONE 4
.Os
.Sh NAME
@@ -98,14 +98,6 @@ under DARPA/SPAWAR contract N66001-01-C-
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/mac_partition.4
==============================================================================
--- stable/10/share/man/man4/mac_partition.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac_partition.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 9, 2002
+.Dd July 25, 2015
.Dt MAC_PARTITION 4
.Os
.Sh NAME
@@ -118,14 +118,6 @@ under DARPA/SPAWAR contract N66001-01-C-
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/mac_seeotheruids.4
==============================================================================
--- stable/10/share/man/man4/mac_seeotheruids.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac_seeotheruids.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 6, 2005
+.Dd July 25, 2015
.Dt MAC_SEEOTHERUIDS 4
.Os
.Sh NAME
@@ -116,14 +116,6 @@ under DARPA/SPAWAR contract N66001-01-C-
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/mac_stub.4
==============================================================================
--- stable/10/share/man/man4/mac_stub.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac_stub.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 1, 2002
+.Dd July 25, 2015
.Dt MAC_STUB 4
.Os
.Sh NAME
@@ -101,14 +101,6 @@ under DARPA/SPAWAR contract N66001-01-C-
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/mac_test.4
==============================================================================
--- stable/10/share/man/man4/mac_test.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/mac_test.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 1, 2002
+.Dd July 25, 2015
.Dt MAC_TEST 4
.Os
.Sh NAME
@@ -102,14 +102,6 @@ under DARPA/SPAWAR contract N66001-01-C-
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
.Sh BUGS
-See
-.Xr mac 9
-concerning appropriateness for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
Modified: stable/10/share/man/man4/procdesc.4
==============================================================================
--- stable/10/share/man/man4/procdesc.4 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man4/procdesc.4 Sun Aug 2 09:34:03 2015 (r286189)
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd August 21, 2013
+.Dd July 25, 2015
.Dt PROCDESC 4
.Os
.Sh NAME
@@ -87,7 +87,3 @@ at the University of Cambridge, and
and
.An "Kris Kennaway" Aq kris at FreeBSD.org
at Google, Inc.
-.Sh BUGS
-.Nm
-is considered experimental in
-.Fx .
Modified: stable/10/share/man/man9/mac.9
==============================================================================
--- stable/10/share/man/man9/mac.9 Sun Aug 2 09:30:43 2015 (r286188)
+++ stable/10/share/man/man9/mac.9 Sun Aug 2 09:34:03 2015 (r286189)
@@ -33,7 +33,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 10, 2006
+.Dd July 25, 2015
.Dt MAC 9
.Os
.Sh NAME
@@ -62,14 +62,6 @@ opportunity to modify security behavior
Both consumers of the API (normal kernel services) and security modules
must be aware of the semantics of the API calls, particularly with respect
to synchronization primitives (such as locking).
-.Ss Note on Appropriateness for Production Use
-The
-.Tn TrustedBSD
-MAC Framework included in
-.Fx 5.0
-is considered experimental, and should not be deployed in production
-environments without careful consideration of the risks associated with
-the use of experimental operating system features.
.Ss Kernel Objects Supported by the Framework
The MAC framework manages labels on a variety of types of in-kernel
objects, including process credentials, vnodes, devfs_dirents, mount
@@ -232,13 +224,6 @@ Additional contributors include:
and
.An Tim Robbins .
.Sh BUGS
-See the earlier section in this document concerning appropriateness
-for production use.
-The
-.Tn TrustedBSD
-MAC Framework is considered experimental in
-.Fx .
-.Pp
While the MAC Framework design is intended to support the containment of
the root user, not all attack channels are currently protected by entry
point checks.
More information about the svn-src-all
mailing list