Module Name: src Committed By: christos Date: Sun Mar 27 16:36:12 UTC 2022
Modified Files: src/share/man/man9: secmodel_extensions.9 Log Message: Describe the hardlink restrictions. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/share/man/man9/secmodel_extensions.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man9/secmodel_extensions.9 diff -u src/share/man/man9/secmodel_extensions.9:1.6 src/share/man/man9/secmodel_extensions.9:1.7 --- src/share/man/man9/secmodel_extensions.9:1.6 Mon Jan 20 08:08:40 2020 +++ src/share/man/man9/secmodel_extensions.9 Sun Mar 27 12:36:11 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: secmodel_extensions.9,v 1.6 2020/01/20 13:08:40 nia Exp $ +.\" $NetBSD: secmodel_extensions.9,v 1.7 2022/03/27 16:36:11 christos Exp $ .\" .\" Copyright (c) 2011 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 22, 2012 +.Dd March 27, 2022 .Dt SECMODEL_EXTENSIONS 9 .Os .Sh NAME @@ -106,6 +106,26 @@ It can be disabled at any time, but cann anymore when the .Em securelevel of the system is above 0. +.Sh Hardlink restrictions +Prevent hardlinks to files that the user does not own or has group access +to. +.Pp +To enable user ownership checks, set the +.Xr sysctl 7 +variable +.Pa security.models.extensions.hardlink_check_uid +to a non-zero value. +.Pp +To enable group membership checks, set the +.Xr sysctl 7 +variable +.Pa security.models.extensions.hardlink_check_gid +to a non-zero value. +.Pp +These variables can be enabled anytime, but cannot be disabled +anymore when the +.Em securelevel +of the system is above 0. .Sh SEE ALSO .Xr affinity 3 , .Xr sched 3 ,