diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8 index 293ddb62810f..a67dead8b07e 100644 --- a/sbin/mount/mount.8 +++ b/sbin/mount/mount.8 @@ -1,4 +1,4 @@ -.\" $NetBSD: mount.8,v 1.67 2009/02/23 08:14:53 wiz Exp $ +.\" $NetBSD: mount.8,v 1.68 2009/10/02 20:31:19 elad Exp $ .\" .\" Copyright (c) 1980, 1989, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)mount.8 8.8 (Berkeley) 6/16/94 .\" -.Dd February 22, 2009 +.Dd October 2, 2009 .Dt MOUNT 8 .Os .Sh NAME @@ -133,23 +133,10 @@ removed in a future version of .Pp In .Nx , -a file system can only be mounted by an ordinary user who owns the -point -.Ar node -and has access to the -.Ar special -device (at least read permissions). -Also, the -.Em vfs.generic.usermount -.Xr sysctl 3 -must be set to 1 to permit file system mounting by ordinary users, -see -.Xr sysctl 8 . -Finally, the flags -.Cm nosuid -and -.Cm nodev -must be given for non-superuser mounts. +the file-system mounting policy is dictated by the running security models. +The default security model may allow unprivileged mounting; see +.Xr secmodel_suser 9 +for details. .Pp The options are as follows: .Bl -tag -width indent diff --git a/share/man/man7/sysctl.7 b/share/man/man7/sysctl.7 index 5027fb977ef7..bb2221a7192a 100644 --- a/share/man/man7/sysctl.7 +++ b/share/man/man7/sysctl.7 @@ -1,4 +1,4 @@ -.\" $NetBSD: sysctl.7,v 1.24 2009/09/11 19:43:26 wiz Exp $ +.\" $NetBSD: sysctl.7,v 1.25 2009/10/02 20:31:19 elad Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 .\" -.Dd September 11, 2009 +.Dd October 2, 2009 .Dt SYSCTL 7 .Os .Sh NAME 
@@ -713,9 +713,8 @@ Returns 1 if saved set-group and saved set-user ID is available. Maximum socket buffer size. .\" XXX units? .It Li kern.securelevel ( KERN_SECURELVL ) -The system security level. -This level may be raised by processes with appropriate privilege. -It may only be lowered by process 1. +See +.Xr secmodel_securelevel 9 . .It Li kern.somaxkva ( KERN_SOMAXKVA ) Maximum amount of kernel memory to be used for socket buffers. .\" XXX units? diff --git a/share/man/man9/secmodel_securelevel.9 b/share/man/man9/secmodel_securelevel.9 index f46c118cb300..5832e52747b4 100644 --- a/share/man/man9/secmodel_securelevel.9 +++ b/share/man/man9/secmodel_securelevel.9 @@ -1,4 +1,4 @@ -.\" $NetBSD: secmodel_securelevel.9,v 1.6 2009/07/25 16:20:11 mbalmer Exp $ +.\" $NetBSD: secmodel_securelevel.9,v 1.7 2009/10/02 20:31:19 elad Exp $ .\" .\" Copyright (c) 2006 Elad Efrat .\" Copyright (c) 2000 Hugh Graham @@ -180,6 +180,16 @@ Do not overlook the fact that shell scripts (or anything else fed to an interpreter, through any mechanism) and the kernel itself are "programs that run while the security level is 0" and must be considered part of the TCB. +.Pp +The following +.Xr sysctl 3 +variables are exported: +.Bl -tag -width compact +.It security.models.securelevel.securelevel +The system security level. +This level may be raised by processes with appropriate privilege. +It may only be lowered by process 1 (init). +.El .Sh SEE ALSO .Xr kauth 9 , .Xr secmodel 9 , diff --git a/share/man/man9/secmodel_suser.9 b/share/man/man9/secmodel_suser.9 index 2e53ef590b31..9308028fd549 100644 --- a/share/man/man9/secmodel_suser.9 +++ b/share/man/man9/secmodel_suser.9 @@ -1,4 +1,4 @@ -.\" $NetBSD: secmodel_suser.9,v 1.2 2009/10/02 19:50:37 elad Exp $ +.\" $NetBSD: secmodel_suser.9,v 1.3 2009/10/02 20:31:19 elad Exp $ .\" .\" Copyright (c) 2009 Elad Efrat .\" All rights reserved. 
@@ -41,6 +41,43 @@ The .Em super-user is the host administrator, considered to have higher privileges than other users. +.Pp +The following +.Xr sysctl 3 +variables are exported: +.Bl -tag -width compact +.It security.models.suser.curtain +If non-zero, will filter returned objects according to the user-id +requesting information about them, preventing from users any access to +objects they don't own. +.Pp +At the moment, it affects +.Xr ps 1 , +.Xr netstat 1 +(for +.Dv PF_INET , +.Dv PF_INET6 , +and +.Dv PF_UNIX +PCBs), and +.Xr w 1 . +.It security.models.suser.usermount +Allow non-superuser mounts. +.Pp +If non-zero, file-systems are allowed to be mounted by an ordinary user who +owns the point +.Ar node +and has at least read access to the +.Ar special +device +.Xr mount 8 +arguments. +Finally, the flags +.Cm nosuid +and +.Cm nodev +must be given for non-superuser mounts. +.El .Sh SEE ALSO .Xr kauth 9 , .Xr secmodel 9 ,
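Review bot: In sbin/mount/mount.8 (hunk at -133,23), the replacement text no longer names any sysctl, so an administrator reading mount(8) loses both the knob that enables unprivileged mounts and the nosuid/nodev requirement, and is sent to a section 9 page to find them. Suggest keeping one sentence here that names security.models.suser.usermount (the variable this patch documents in secmodel_suser.9) and the mandatory nosuid and nodev flags, followed by the cross-reference. The hunk also removes the only mention of vfs.generic.usermount without saying whether that name still works; if it does not, a note for readers with existing sysctl.conf entries would help.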
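Review bot: In share/man/man7/sysctl.7 (hunk at -713,9), the kern.securelevel entry is reduced to "See secmodel_securelevel(9)", but the text this patch adds to that page describes security.models.securelevel.securelevel and never mentions kern.securelevel, so the reader is not told how the two names relate. Suggest stating here whether kern.securelevel remains as a compatibility name for the new variable, and keeping the one-line summary that the level may only be lowered by process 1, since that is what a reader of sysctl(7) is looking for.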
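Review bot: In share/man/man9/secmodel_securelevel.9 (hunk at -180,6), `.Bl -tag -width compact` passes the word "compact" as the width argument rather than as the -compact flag, so the indent is sized to a seven-character string while the only tag, security.models.securelevel.securelevel, is far longer. Suggest `.Bl -tag -width indent`, as mount.8 already uses, or an explicit width, and marking the variable name with a macro in the way sysctl.7 does with `.It Li`.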
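Review bot: In share/man/man9/secmodel_suser.9 (hunk at -41,6), the usermount paragraph does not parse: "has at least read access to the special device mount(8) arguments" leaves `.Xr mount 8` and "arguments." dangling after "device", and "Finally, the flags" has lost the "Also," sentence it followed in the mount.8 text it was moved from. Suggest introducing node and special as mount(8) arguments before using them, and dropping "Finally,". In the curtain entry, "preventing from users any access to objects they don't own" is ungrammatical and reads broader than the next paragraph, which limits the effect to what ps(1), netstat(1) and w(1) report; wording such as "hiding information about objects they do not own" would match. The list here also uses `.Bl -tag -width compact`, where "compact" is taken as the width string rather than as a flag.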