Date: Sun, 22 May 2005 19:28:46 GMT From: Tom Rhodes <trhodes@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 77316 for review Message-ID: <200505221928.j4MJSktN074600@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=77316 Change 77316 by trhodes@trhodes_local on 2005/05/22 19:28:41 Mark up fixes, kill hard sentence breaks. Affected files ... .. //depot/projects/trustedbsd/mac/share/man/man4/mac_chkexec.4#3 edit Differences ... ==== //depot/projects/trustedbsd/mac/share/man/man4/mac_chkexec.4#3 (text+ko) ==== @@ -86,10 +86,13 @@ .It Va security.mac.chkexec.enable Set to zero or one to toggle the policy off or on. .It Va security.mac.chkexec.enforce -Toggle the enforcement of the security policy. While the policy is loaded but -not enforced, the system is in learning mode. This means that each time an -objected is executed, the system calculates and stores the checksums for the -object. This allows system administrators to create their "baseline database" +Toggle the enforcement of the security policy. +While the policy is loaded but +not enforced, the system is in learning mode. +This means that each time an object is executed, +the system calculates and stores the checksums for that object. +This allows system administrators to create their +.Dq baseline database of trusted binaries simply by letting the system run in regular operation. .It Va security.mac.chkexec.cache.objmax Adjust the cache size. @@ -98,18 +101,22 @@ Note that this value should be similar to .Dq 1024 during the -.Dx +.Fx buildworld process. .It Va security.mac.chkexec.algo -Specify which hashing algorithm to use. Currently md5 and sha1 are -supported. By default sha1 is used. +Specify which hashing algorithm to use. +Currently MD5 and SHA1 are supported. +By default SHA1 is used. .It Va security.mac.chkexec.cache.enable -Enable or disable the use of the object cache. Disabling the cache results +Enable or disable the use of the object cache. +Disabling the cache results in system execution and run-time linking performance being degraded. .It Va security.mac.chkexec.ignore_untagged -Specify whether or not un-registered binaries should be exempt. This allows users -to execute newly created binaries. It is highly recommended that this option -NOT be enabled. +Specify whether or not un-registered binaries should be exempt. +This allows users to execute newly created binaries. +It is highly recommended that this option +.Em not +be enabled. .El .Sh SEE ALSO .Xr mac 4 ,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505221928.j4MJSktN074600>
