Module name: mac_seeotheruids.ko
Kernel configuration line:
options MAC_SEEOTHERUIDS
Boot option:
mac_seeotheruids_load="YES"
The mac_seeotheruids(4) module mimics and extends
the security.bsd.see_other_uids
and
security.bsd.see_other_gids
sysctl
tunables. This option does
not require any labels to be set before configuration and
can operate transparently with the other modules.
After loading the module, the following
sysctl
tunables may be used to control
the features:
security.mac.seeotheruids.enabled
enables the module and uses the default settings which deny
users the ability to view processes and sockets owned by
other users.
security.mac.seeotheruids.specificgid_enabled
allows certain groups to be exempt from this policy. To
exempt specific groups from this policy, use the
security.mac.seeotheruids.specificgid=
XXX
sysctl
tunable. Replace
XXX
with the numeric group ID to
be exempted.
security.mac.seeotheruids.primarygroup_enabled
is used to exempt specific primary groups from this policy.
When using this tunable,
security.mac.seeotheruids.specificgid_enabled
may not be set.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.