Mandatory Access Control label format
If Mandatory Access Control, or MAC, is enabled in the kernel, then in addition
to the traditional credentials, each subject (typically a user or a socket)
and object (file system object, socket, etc.) is given a
. The MAC label specifies the necessary
subject-specific or object-specific information necessary for a MAC security
policy to enforce access control on the subject/object.
The format for a MAC label is defined as follows:
A MAC label consists of a policy name, followed by a forward slash, followed by
the subject or object's qualifier, optionally followed by a comma and one or
more additional policy labels. For example:
MAC first appeared in FreeBSD 5.0
This software was contributed to the FreeBSD
NAI Labs, the Security Research Division of Network Associates Inc. under
DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the
DARPA CHATS research program.