Module name: mac_seeotheruids.ko
Kernel configuration line: options MAC_SEEOTHERUIDS
Boot option: mac_seeotheruids_load="YES"

The mac_seeotheruids(4) module mimics and extends the security.bsd.see_other_uids and security.bsd.see_other_gids sysctl tunables. This option does not require any labels to be set before configuration and can operate transparently with the other modules.

After loading the module, the following sysctl tunables may be used to control the features:

security.mac.seeotheruids.enabled enables the module and uses the default settings which deny users the ability to view processes and sockets owned by other users.

security.mac.seeotheruids.specificgid_enabled allows certain groups to be exempt from this policy. To exempt specific groups from this policy, use the security.mac.seeotheruids.specificgid=XXX sysctl tunable. Replace XXX with the numeric group ID to be exempted.

security.mac.seeotheruids.primarygroup_enabled is used to exempt specific primary groups from this policy. When using this tunable, security.mac.seeotheruids.specificgid_enabled may not be set.
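
A lint for the tunables described above, as an added example that is not part of the FreeBSD documentation. The function names check_seeotheruids and sample_conf, the sample settings and GID 1001 are constructed for illustration; treating specificgid_enabled together with primarygroup_enabled as a conflict follows the statement above.

```shell
#!/bin/sh
# Added example: lint sysctl.conf-style "name=value" text for mac_seeotheruids.
# Reads the settings on stdin, prints findings, returns 0 if clean and 1 otherwise.
check_seeotheruids() {
    awk -F= '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            sub(/#.*/, "", $2)                   # drop trailing comments
            gsub(/[ \t\r]/, "", $1); gsub(/[ \t\r]/, "", $2)
            if ($1 ~ /^security\.mac\.seeotheruids\./) v[$1] = $2
        }
        END {
            p = "security.mac.seeotheruids."
            g = p "specificgid"
            bad = 0
            if (v[p "enabled"] != "1") {
                print "FAIL: " p "enabled is not 1, policy inactive"; bad = 1
            }
            if (v[p "specificgid_enabled"] == "1" && v[p "primarygroup_enabled"] == "1") {
                print "FAIL: specificgid_enabled and primarygroup_enabled are both set"; bad = 1
            }
            if (v[p "specificgid_enabled"] == "1" && !(g in v)) {
                print "FAIL: specificgid_enabled=1 but no specificgid value given"; bad = 1
            }
            if ((g in v) && v[g] !~ /^[0-9]+$/) {
                print "FAIL: specificgid must be a numeric group ID"; bad = 1
            }
            if (!bad) print "OK"
            exit bad
        }'
}

# Constructed sample input: both exemption tunables enabled at once.
sample_conf() {
    cat <<'EOF'
# /etc/sysctl.conf excerpt (constructed)
security.mac.seeotheruids.enabled=1
security.mac.seeotheruids.specificgid_enabled=1
security.mac.seeotheruids.specificgid=1001   # constructed GID
security.mac.seeotheruids.primarygroup_enabled=1
EOF
}

sample_conf | check_seeotheruids || true
```

On a live system the same function can be fed the running values with `sysctl security.mac.seeotheruids | sed 's/: /=/' | check_seeotheruids`.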