setfsmac(8)
NAME
setfsmac - set MAC label for a file hierarchy
SYNOPSIS
setfsmac [-ehqvx] [-f specfile] ... [-s specfile] ... file ...
DESCRIPTION
- The setfsmac utility accepts a list of specification files
- as input and
sets the MAC labels on the specified file system hierar - chies. Path names
specified will be visited in order as given on the command - line, and each
tree will be traversed in pre-order. (Generally, it will - not be very
useful to use relative paths instead of absolute paths.) - Multiple
entries matching a single file will be combined and applied - in a single
transaction. - The following options are available:
- -e Treat any file systems encountered which do not sup
- port MAC
- labelling as errors, instead of warning and skipping
- them.
- -f specfile
- Apply the specifications in specfile to the speci
- fied paths.
NOTE: Only the first entry for each file is applied; - all others
are disregarded and silently dropped. Multiple -f - arguments may
be specified to include multiple specification - files.
- -h When a symbolic link is encountered, change the la
- bel of the link
- rather than the file the link points to.
- -q Do not print non-fatal warnings during execution.
- -s specfile
- Apply the specifications in specfile, but assume the
- specification format is compatible with the SELinux specfile
- format.
NOTE: Only the first entry for each file is applied; - all others
are disregarded and silently dropped. The prefix - ``sebsd/'' will
be automatically prepended to the labels in - specfile. Labels
matching ``<<none>>'' will be explicitly not rela - beled. This
permits SEBSD to reuse existing SELinux policy spec - ification
files. - -v Increase the degree of verbosity.
- -x Do not recurse into new file systems when traversing
- them.
FILES
- /usr/share/security/lomac-policy.contexts Sample spec
- file containing
- LOMAC policy
- entries.
EXAMPLES
See FILES.
SEE ALSO
- mac(3), mac_set_file(3), mac_set_link(3), mac(4), re_for
- mat(7),
getfmac(8), setfmac(8), mac(9)
AUTHORS
- This software was contributed to the FreeBSD Project by Net
- work Associates Labs, the Security Research Division of Network Associ
- ates Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as - part of the
DARPA CHATS research program. - BSD February 17, 2004