SECMODEL_EXTENSIONS(9) Kernel Developer's Manual SECMODEL_EXTENSIONS(9)

secmodel_extensionsextensions security model

secmodel_extensions implements extensions to the traditional security model based on the original 4.4BSD. They can be used to grant additional privileges to ordinary users, or enable specific security measures like curtain mode.

The extensions are described below.

When enabled, all returned objects will be filtered according to the user-id requesting information about them, preventing users from accessing objects they do not own.

It affects the output of many commands, including fstat(1), netstat(1), ps(1), sockstat(1), and w(1).

This extension is enabled by setting security.models.extensions.curtain or security.curtain sysctl(7) to a non-zero value.

It can be enabled at any time, but cannot be disabled anymore when the securelevel of the system is above 0.

When enabled, it allows file-systems to be mounted by an ordinary user who owns the point node and has at least read access to the special device mount(8) arguments. Note that the nosuid and nodev flags must be given for non-superuser mounts.

This extension is enabled by setting security.models.extensions.usermount or vfs.generic.usermount sysctl(7) to a non-zero value.

It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.

When enabled, an ordinary user is allowed to control the CPU affinity(3) of the processes and threads they own.

This extension is enabled by setting security.models.extensions.user_set_cpu_affinity sysctl(7) to a non-zero value.

It can be disabled at any time, but cannot be enabled anymore when the securelevel of the system is above 0.

Prevent hardlinks to files that the user does not own or has group access to.

To enable user ownership checks, set the sysctl(7) variable security.models.extensions.hardlink_check_uid to a non-zero value.

To enable group membership checks, set the sysctl(7) variable security.models.extensions.hardlink_check_gid to a non-zero value.

These variables can be enabled anytime, but cannot be disabled anymore when the securelevel of the system is above 0.

affinity(3), sched(3), sysctl(7), kauth(9), secmodel(9), secmodel_bsd44(9), secmodel_securelevel(9), secmodel_suser(9)

Elad Efrat <elad@NetBSD.org>

March 27, 2022 NetBSD 11.0