From bb87c3794781abee9042b91c98c27ed8bdcfd369 Mon Sep 17 00:00:00 2001
From: Tom Rhodes <trhodes@FreeBSD.org>
Date: Wed, 8 Dec 2004 15:58:38 +0000
Subject: [PATCH] Document recently added security.mac.portacl.autoport_exempt
 tunable.

Outraced the speed of doc request:	trhodes
---
 share/man/man4/mac_portacl.4 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/share/man/man4/mac_portacl.4 b/share/man/man4/mac_portacl.4
index 39b819f1266..9aa74917812 100644
--- a/share/man/man4/mac_portacl.4
+++ b/share/man/man4/mac_portacl.4
@@ -203,6 +203,14 @@ Allow superuser (i.e., root) to bind to all
 protected ports, even if the port access control list does not
 explicitly allow this.
 (Default: 1).
+.It Va security.mac.portacl.autoport_exempt
+Allow applications to use automatic binding to port 0.
+Often applications will use port 0 as a request for
+automatic port allocation before binding an IP address to
+a socket.  This tunable will exempt port 0 allocation from
+rule checking when a low port is required and
+.Dv IP_PORTRANGELOW
+is set to a value above 1.
 .El
 .Sh SEE ALSO
 .Xr mac 3 ,