GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
MACLABEL(7) FreeBSD Miscellaneous Information Manual MACLABEL(7)

maclabel
Mandatory Access Control label format

If Mandatory Access Control, or MAC, is enabled in the kernel, then in addition to the traditional credentials, each subject (typically a user or a socket) and object (file system object, socket, etc.) is given a MAC label. The MAC label specifies the necessary subject-specific or object-specific information necessary for a MAC security policy to enforce access control on the subject/object.
The format for a MAC label is defined as follows:
policy1/qualifier1,policy2/qualifier2,...
A MAC label consists of a policy name, followed by a forward slash, followed by the subject or object's qualifier, optionally followed by a comma and one or more additional policy labels. For example:
biba/low(low-low) 
biba/high(low-high),mls/equal(equal-equal),partition/0

mac(3), posix1e(3), mac_biba(4), mac_bsdextended(4), mac_ifoff(4), mac_mls(4), mac_none(4), mac_partition(4), mac_seeotheruids(4), mac_test(4), login.conf(5), getfmac(8), getpmac(8), ifconfig(8), setfmac(8), setpmac(8), mac(9)

MAC first appeared in FreeBSD 5.0.

This software was contributed to the FreeBSD Project by NAI Labs, the Security Research Division of Network Associates Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.
October 25, 2002 FreeBSD 12.0-RELEASE

Search for    or go to Top of page |  Section 7 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.