Module name: mac_seeotheruids.ko
Kernel configuration line: options MAC_SEEOTHERUIDS
Boot option: mac_seeotheruids_load="YES"
The mac_seeotheruids(4) module mimics and extends the security.bsd.see_other_uids and security.bsd.see_other_gids sysctl tunables. This option does not require any labels to be set before configuration and can operate transparently with the other modules.
After loading the module, the following sysctl tunables may be used to control the features:
security.mac.seeotheruids.enabled enables the module and uses the default settings which deny users the ability to view processes and sockets owned by other users.
security.mac.seeotheruids.specificgid_enabled allows certain groups to be exempt from this policy. To exempt specific groups from this policy, use the security.mac.seeotheruids.specificgid=XXX sysctl tunable. Replace XXX with the numeric group ID to be exempted.
security.mac.seeotheruids.primarygroup_enabled is used to exempt specific primary groups from this policy. When using this tunable, security.mac.seeotheruids.specificgid_enabled may not be set.
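An added example, not part of the Handbook: a POSIX sh function that audits a sysctl.conf-style file for the tunables above and flags the settings the text rules out, including primarygroup_enabled combined with specificgid_enabled. The function name, the messages and the sample settings are constructed for illustration.

```shell
#!/bin/sh
# Audit a sysctl.conf-style file for the mac_seeotheruids tunables.
# Prints one finding per line; returns 0 if nothing is flagged, 1 otherwise.
# audit_seeotheruids is a hypothetical helper, not a FreeBSD tool.
audit_seeotheruids() {
    awk -F= '
        # Drop comments and whitespace so "name = value  # note" parses cleanly.
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }
        $1 ~ /^security\.mac\.seeotheruids\./ {
            name = $1
            sub(/^security\.mac\.seeotheruids\./, "", name)
            val[name] = $2
        }
        END {
            bad = 0
            if (val["enabled"] != "1") {
                print "WARN: enabled is not 1; policy is not enforced"
                bad = 1
            }
            if (val["specificgid_enabled"] == "1" && val["specificgid"] !~ /^[0-9]+$/) {
                print "WARN: specificgid_enabled=1 but specificgid is not a numeric GID"
                bad = 1
            }
            if (val["specificgid_enabled"] == "1" && val["primarygroup_enabled"] == "1") {
                print "WARN: primarygroup_enabled and specificgid_enabled are both set"
                bad = 1
            }
            if (!bad) print "OK"
            exit bad
        }
    ' "$1"
}

# Constructed sample settings (not from the Handbook), written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
security.mac.seeotheruids.enabled=1
security.mac.seeotheruids.specificgid_enabled=1
security.mac.seeotheruids.specificgid=1001   # constructed GID
security.mac.seeotheruids.primarygroup_enabled=1
EOF
audit_seeotheruids "$sample" || true
rm -f "$sample"
```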