mac_test(4)
NAME
mac_test - MAC framework testing policy
SYNOPSIS
To compile the testing policy into your kernel, place the
following lines
in your kernel configuration file:
options MAC
options MAC_TEST
Alternately, to load the testing module at boot time, place
the following
line in your kernel configuration file:
options MAC
and in loader.conf(5):
mac_test_load="YES"
DESCRIPTION
- The mac_test policy module implements a testing facility for
- the MAC
framework. Among other things, mac_test will try to catch - corrupt labels
the system is attempting to destroy and drop to the debug - ger. Additionally, a set of statistics regarding the number of times var
- ious MAC
framework entry points have been called is stored in the
security.mac.test sysctl(8) tree. - Label Format
- No labels are defined for mac_test.
SEE ALSO
- mac(4), mac_biba(4), mac_bsdextended(4), mac_ifoff(4),
- mac_lomac(4),
mac_mls(4), mac_none(4), mac_partition(4), mac_portacl(4),
mac_seeotheruids(4), mac(9)
HISTORY
- The mac_test policy module first appeared in FreeBSD 5.0 and
- was developed by the TrustedBSD Project.
AUTHORS
- This software was contributed to the FreeBSD Project by Net
- work Associates Labs, the Security Research Division of Network Associ
- ates Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as - part of the
DARPA CHATS research program.
BUGS
- See mac(9) concerning appropriateness for production use.
- The TrustedBSD
MAC Framework is considered experimental in FreeBSD. - While the MAC Framework design is intended to support the
- containment of
the root user, not all attack channels are currently pro - tected by entry
point checks. As such, MAC Framework policies should not be - relied on,
in isolation, to protect against a malicious privileged us - er.
- BSD December 1, 2002