Module Name: src
Committed By: christos
Date: Sun Mar 27 16:36:12 UTC 2022
Modified Files:
src/share/man/man9: secmodel_extensions.9
Log Message:
Describe the hardlink restrictions.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/share/man/man9/secmodel_extensions.9
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man9/secmodel_extensions.9
diff -u src/share/man/man9/secmodel_extensions.9:1.6 src/share/man/man9/secmodel_extensions.9:1.7
--- src/share/man/man9/secmodel_extensions.9:1.6 Mon Jan 20 08:08:40 2020
+++ src/share/man/man9/secmodel_extensions.9 Sun Mar 27 12:36:11 2022
@@ -1,4 +1,4 @@
-.\" $NetBSD: secmodel_extensions.9,v 1.6 2020/01/20 13:08:40 nia Exp $
+.\" $NetBSD: secmodel_extensions.9,v 1.7 2022/03/27 16:36:11 christos Exp $
.\"
.\" Copyright (c) 2011 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 22, 2012
+.Dd March 27, 2022
.Dt SECMODEL_EXTENSIONS 9
.Os
.Sh NAME
@@ -106,6 +106,26 @@ It can be disabled at any time, but cann
anymore when the
.Em securelevel
of the system is above 0.
+.Sh Hardlink restrictions
+Prevent hardlinks to files that the user does not own or has group access
+to.
+.Pp
+To enable user ownership checks, set the
+.Xr sysctl 7
+variable
+.Pa security.models.extensions.hardlink_check_uid
+to a non-zero value.
+.Pp
+To enable group membership checks, set the
+.Xr sysctl 7
+variable
+.Pa security.models.extensions.hardlink_check_gid
+to a non-zero value.
+.Pp
+These variables can be enabled anytime, but cannot be disabled
+anymore when the
+.Em securelevel
+of the system is above 0.
.Sh SEE ALSO
.Xr affinity 3 ,
.Xr sched 3 ,
