mac.conf man page on FreeBSD

Man page or keyword search:  
man Server   9747 pages
apropos Keyword Search (all sections)
Output format
FreeBSD logo
[printable version]

MAC.CONF(5)		    BSD File Formats Manual		   MAC.CONF(5)

NAME
     mac.conf — format of the MAC library configuration file

DESCRIPTION
     The mac.conf file configures the default label elements to be used by
     policy-agnostic applications that operate on MAC labels.  A file contains
     a series of default label sets specified by object class, in addition to
     blank lines and comments preceded by a ‘#’ symbol.

     Currently, the implementation supports two syntax styles for label ele‐
     ment declaration.	The old (deprecated) syntax consists of a single line
     with two fields separated by white space: the object class name, and a
     list of label elements as used by the mac_prepare(3) library calls prior
     to an application invocation of a function from mac_get(3).

     The newer more preferred syntax consists of three fields separated by
     white space: the label group, object class name and a list of label ele‐
     ments.

     Label element names may optionally begin with a ‘?’ symbol to indicate
     that a failure to retrieve the label element for an object should be
     silently ignored, and improves usability if the set of MAC policies may
     change over time.

FILES
     /etc/mac.conf  MAC library configuration file.

EXAMPLES
     The following example configures user applications to operate with four
     MAC policies: mac_biba(4), mac_mls(4), SEBSD, and mac_partition(4).

	   #
	   # Default label set to be used by simple MAC applications

	   default_labels file ?biba,?lomac,?mls,?sebsd
	   default_labels ifnet ?biba,?lomac,?mls,?sebsd
	   default_labels process ?biba,?lomac,?mls,?partition,?sebsd
	   default_labels socket ?biba,?lomac,?mls

	   #
	   # Deprecated (old) syntax

	   default_file_labels ?biba,?mls,?sebsd
	   default_ifnet_labels ?biba,?mls,?sebsd
	   default_process_labels ?biba,?mls,partition,?sebsd

     In this example, userland applications will attempt to retrieve Biba,
     MLS, and SEBSD labels for all object classes; for processes, they will
     additionally attempt to retrieve a Partition identifier.  In all cases
     except the Partition identifier, failure to retrieve a label due to the
     respective policy not being present will be ignored.

SEE ALSO
     mac(3), mac_get(3), mac_prepare(3), mac(4), mac(9)

HISTORY
     Support for Mandatory Access Control was introduced in FreeBSD 5.0 as
     part of the TrustedBSD Project.

BUGS
     The TrustedBSD MAC Framework and associated policies, interfaces, and
     applications are considered to be an experimental feature in FreeBSD.
     Sites considering production deployment should keep the experimental sta‐
     tus of these services in mind during any deployment process.  See also
     mac(9) for related considerations regarding the kernel framework.

BSD				April 19, 2003				   BSD
[top]

List of man pages available for FreeBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
...................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net