[src/trunk]: src/share/man/man9 Describe the hardlink restrictions.

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c6490d9d5729
branches:  trunk
changeset: 364481:c6490d9d5729
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Mar 27 16:36:11 2022 +0000

description:
Describe the hardlink restrictions.

diffstat:

 share/man/man9/secmodel_extensions.9 |  24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)

diffs (45 lines):

diff -r 30a31fec7425 -r c6490d9d5729 share/man/man9/secmodel_extensions.9
--- a/share/man/man9/secmodel_extensions.9      Sun Mar 27 16:28:35 2022 +0000
+++ b/share/man/man9/secmodel_extensions.9      Sun Mar 27 16:36:11 2022 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: secmodel_extensions.9,v 1.6 2020/01/20 13:08:40 nia Exp $
+.\" $NetBSD: secmodel_extensions.9,v 1.7 2022/03/27 16:36:11 christos Exp $
 .\"
 .\" Copyright (c) 2011 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 22, 2012
+.Dd March 27, 2022
 .Dt SECMODEL_EXTENSIONS 9
 .Os
 .Sh NAME
@@ -106,6 +106,26 @@
 anymore when the
 .Em securelevel
 of the system is above 0.
+.Sh Hardlink restrictions
+Prevent hardlinks to files that the user does not own or has group access
+to.
+.Pp
+To enable user ownership checks, set the
+.Xr sysctl 7
+variable
+.Pa security.models.extensions.hardlink_check_uid
+to a non-zero value.
+.Pp
+To enable group membership checks, set the
+.Xr sysctl 7
+variable
+.Pa security.models.extensions.hardlink_check_gid
+to a non-zero value.
+.Pp
+These variables can be enabled anytime, but cannot be disabled
+anymore when the
+.Em securelevel
+of the system is above 0.
 .Sh SEE ALSO
 .Xr affinity 3 ,
 .Xr sched 3 ,