From owner-p4-projects@FreeBSD.ORG Sun May 22 19:28:47 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0D96816A439; Sun, 22 May 2005 19:28:47 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D64C416A435 for ; Sun, 22 May 2005 19:28:46 +0000 (GMT) (envelope-from trhodes@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9236643D5C for ; Sun, 22 May 2005 19:28:46 +0000 (GMT) (envelope-from trhodes@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j4MJSkHl074603 for ; Sun, 22 May 2005 19:28:46 GMT (envelope-from trhodes@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j4MJSktN074600 for perforce@freebsd.org; Sun, 22 May 2005 19:28:46 GMT (envelope-from trhodes@freebsd.org) Date: Sun, 22 May 2005 19:28:46 GMT Message-Id: <200505221928.j4MJSktN074600@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to trhodes@freebsd.org using -f From: Tom Rhodes To: Perforce Change Reviews Cc: Subject: PERFORCE change 77316 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 May 2005 19:28:48 -0000 http://perforce.freebsd.org/chv.cgi?CH=77316 Change 77316 by trhodes@trhodes_local on 2005/05/22 19:28:41 Mark up fixes, kill hard sentence breaks. Affected files ... .. //depot/projects/trustedbsd/mac/share/man/man4/mac_chkexec.4#3 edit Differences ... ==== //depot/projects/trustedbsd/mac/share/man/man4/mac_chkexec.4#3 (text+ko) ==== @@ -86,10 +86,13 @@ .It Va security.mac.chkexec.enable Set to zero or one to toggle the policy off or on. .It Va security.mac.chkexec.enforce -Toggle the enforcement of the security policy. While the policy is loaded but -not enforced, the system is in learning mode. This means that each time an -objected is executed, the system calculates and stores the checksums for the -object. This allows system administrators to create their "baseline database" +Toggle the enforcement of the security policy. +While the policy is loaded but +not enforced, the system is in learning mode. +This means that each time an object is executed, +the system calculates and stores the checksums for that object. +This allows system administrators to create their +.Dq baseline database of trusted binaries simply by letting the system run in regular operation. .It Va security.mac.chkexec.cache.objmax Adjust the cache size. @@ -98,18 +101,22 @@ Note that this value should be similar to .Dq 1024 during the -.Dx +.Fx buildworld process. .It Va security.mac.chkexec.algo -Specify which hashing algorithm to use. Currently md5 and sha1 are -supported. By default sha1 is used. +Specify which hashing algorithm to use. +Currently MD5 and SHA1 are supported. +By default SHA1 is used. .It Va security.mac.chkexec.cache.enable -Enable or disable the use of the object cache. Disabling the cache results +Enable or disable the use of the object cache. +Disabling the cache results in system execution and run-time linking performance being degraded. .It Va security.mac.chkexec.ignore_untagged -Specify whether or not un-registered binaries should be exempt. This allows users -to execute newly created binaries. It is highly recommended that this option -NOT be enabled. +Specify whether or not un-registered binaries should be exempt. +This allows users to execute newly created binaries. +It is highly recommended that this option +.Em not +be enabled. .El .Sh SEE ALSO .Xr mac 4 ,