maclabel(7)
NAME
maclabel - Mandatory Access Control label format
DESCRIPTION
- If Mandatory Access Control, or MAC, is enabled in the ker
- nel, then in
addition to the traditional credentials, each subject (typi - cally a user
or a socket) and object (file system object, socket, etc.) - is given a MAC
label. The MAC label specifies the necessary subject-spe - cific or objectspecific information necessary for a MAC security policy to
- enforce
access control on the subject/object. - The format for a MAC label is defined as follows:
policy1/qualifier1,policy2/qualifier2,...- A MAC label consists of a policy name, followed by a forward
- slash, followed by the subject or object's qualifier, optionally fol
- lowed by a
comma and one or more additional policy labels. For exam - ple:
biba/low(low-low)
biba/high(low-high),mls/equal(equal-equal),partition/0
SEE ALSO
- mac(3), posix1e(3), mac_biba(4), mac_bsdextended(4),
- mac_ifoff(4),
mac_mls(4), mac_none(4), mac_partition(4), - mac_seeotheruids(4),
mac_test(4), login.conf(5), getfmac(8), getpmac(8), ifcon - fig(8),
setfmac(8), setpmac(8), mac(9)
HISTORY
MAC first appeared in FreeBSD 5.0.
AUTHORS
- This software was contributed to the FreeBSD Project by NAI
- Labs, the
Security Research Division of Network Associates Inc. under - DARPA/SPAWAR
contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA - CHATS
research program. - BSD October 25, 2002