maclabel(7)

NAME

maclabel - Mandatory Access Control label format

DESCRIPTION

If Mandatory Access Control, or MAC, is enabled in the kernel, then in
addition to the traditional credentials, each subject (typically a user
or a socket) and object (file system object, socket, etc.) is given a MAC
label. The MAC label specifies the subject-specific or object-specific
information necessary for a MAC security policy to enforce access control
on the subject/object.

The format for a MAC label is defined as follows:

policy1/qualifier1,policy2/qualifier2,...

A MAC label consists of a policy name, followed by a forward slash,
followed by the subject or object's qualifier, optionally followed by a
comma and one or more additional policy labels. For example:

biba/low(low-low)
biba/high(low-high),mls/equal(equal-equal),partition/0
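
The format above can be checked and split mechanically. The following C
parser is an added example, not part of the original manual page or of
FreeBSD's mac(3) library: struct mac_elem, maclabel_parse() and the two
size limits are hypothetical names chosen here. It assumes the first
slash in an element ends the policy name and that qualifiers contain no
comma.

```c
#include <stdio.h>
#include <string.h>

#define MACLABEL_MAX_ELEMS 8   /* assumed limit, example only */
#define MACLABEL_MAX_FIELD 64  /* assumed limit, example only */

struct mac_elem {              /* hypothetical type, not from mac(3) */
    char policy[MACLABEL_MAX_FIELD];
    char qualifier[MACLABEL_MAX_FIELD];
};

/*
 * Split "policy1/qualifier1,policy2/qualifier2,..." into elements.
 * Returns the element count, or -1 on an empty element, a missing '/',
 * an empty policy or qualifier, an oversize field or too many elements.
 */
int maclabel_parse(const char *label, struct mac_elem *out, int max)
{
    int n = 0;
    const char *p = label;

    for (;;) {
        size_t elen = strcspn(p, ",");          /* one policy/qualifier */
        const char *slash = memchr(p, '/', elen);
        if (slash == NULL || n >= max)
            return -1;
        size_t plen = (size_t)(slash - p);
        size_t qlen = elen - plen - 1;
        if (plen == 0 || qlen == 0 ||
            plen >= MACLABEL_MAX_FIELD || qlen >= MACLABEL_MAX_FIELD)
            return -1;
        memcpy(out[n].policy, p, plen);
        out[n].policy[plen] = '\0';
        memcpy(out[n].qualifier, slash + 1, qlen);
        out[n].qualifier[qlen] = '\0';
        n++;
        if (p[elen] == '\0')                    /* end of label text */
            return n;
        p += elen + 1;                          /* skip the comma */
    }
}

int main(void)
{
    struct mac_elem e[MACLABEL_MAX_ELEMS];
    int n = maclabel_parse("biba/high(low-high),mls/equal(equal-equal),partition/0", e, MACLABEL_MAX_ELEMS);
    for (int i = 0; i < n; i++)
        printf("%-10s %s\n", e[i].policy, e[i].qualifier);
    return n == 3 ? 0 : 1;
}
```

The parser checks only the outer policy/qualifier structure. Whether a
qualifier is meaningful is decided by the named policy module.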

SEE ALSO

mac(3), posix1e(3), mac_biba(4), mac_bsdextended(4), mac_ifoff(4),
mac_mls(4), mac_none(4), mac_partition(4), mac_seeotheruids(4),
mac_test(4), login.conf(5), getfmac(8), getpmac(8), ifconfig(8),
setfmac(8), setpmac(8), mac(9)

HISTORY

MAC first appeared in FreeBSD 5.0.

AUTHORS

This software was contributed to the FreeBSD Project by NAI Labs, the
Security Research Division of Network Associates Inc. under DARPA/SPAWAR
contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS
research program.

BSD October 25, 2002