setfsmac(8)

NAME

setfsmac - set MAC label for a file hierarchy

SYNOPSIS

setfsmac [-ehqvx] [-f specfile] ... [-s specfile]  ...  file
...

DESCRIPTION

The setfsmac utility accepts a list of specification files
as input and
sets the MAC labels on the specified file system hierar
chies. Path names
specified will be visited in order as given on the command
line, and each
tree will be traversed in pre-order. (Generally, it will
not be very
useful to use relative paths instead of absolute paths.)
Multiple
entries matching a single file will be combined and applied
in a single
transaction.
The following options are available:
-e Treat any file systems encountered which do not sup
port MAC
labelling as errors, instead of warning and skipping
them.
-f specfile
Apply the specifications in specfile to the speci
fied paths.
NOTE: Only the first entry for each file is applied;
all others
are disregarded and silently dropped. Multiple -f
arguments may
be specified to include multiple specification
files.
-h When a symbolic link is encountered, change the la
bel of the link
rather than the file the link points to.
-q Do not print non-fatal warnings during execution.
-s specfile
Apply the specifications in specfile, but assume the
specification format is compatible with the SELinux specfile
format.
NOTE: Only the first entry for each file is applied;
all others
are disregarded and silently dropped. The prefix
``sebsd/'' will
be automatically prepended to the labels in
specfile. Labels
matching ``<<none>>'' will be explicitly not rela
beled. This
permits SEBSD to reuse existing SELinux policy spec
ification
files.
-v Increase the degree of verbosity.
-x Do not recurse into new file systems when traversing
them.

FILES

/usr/share/security/lomac-policy.contexts Sample spec
file containing
LOMAC policy
entries.

EXAMPLES

See FILES.

SEE ALSO

mac(3), mac_set_file(3), mac_set_link(3), mac(4), re_for
mat(7),
getfmac(8), setfmac(8), mac(9)

AUTHORS

This software was contributed to the FreeBSD Project by Net
work Associates Labs, the Security Research Division of Network Associ
ates Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as
part of the
DARPA CHATS research program.
BSD February 17, 2004
Copyright © 2010-2024 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout