SECMODEL_EXTENSIONS(9) | Kernel Developer's Manual | SECMODEL_EXTENSIONS(9) |
secmodel_extensions
—
secmodel_extensions
implements extensions to the
traditional security model based on the original
4.4BSD. They can be used to grant additional
privileges to ordinary users, or enable specific security measures like
curtain mode.
The extensions are described below.
It affects the output of many commands, including fstat(1), netstat(1), ps(1), sockstat(1), and w(1).
This extension is enabled by setting security.models.extensions.curtain or security.curtain sysctl(7) to a non-zero value.
It can be enabled at any time, but cannot be disabled anymore when the securelevel of the system is above 0.
nosuid
and nodev
flags must be
given for non-superuser mounts.
This extension is enabled by setting security.models.extensions.usermount or vfs.generic.usermount sysctl(7) to a non-zero value.
It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.
This extension is enabled by setting security.models.extensions.user_set_cpu_affinity sysctl(7) to a non-zero value.
It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.
November 22, 2012 | NetBSD 9.0 |