FreeBSD Man PagesIndex:
ascii(7)build(7)
clocks(7)
development(7)
ditroff(7)
environ(7)
ffs(7)
firewall(7)
groff(7)
groff_char(7)
groff_diff(7)
groff_man(7)
groff_mdoc(7)
groff_me(7)
groff_mm(7)
groff_mmse(7)
groff_ms(7)
groff_trace(7)
groff_www(7)
hier(7)
hostname(7)
intro(7)
lint(7)
maclabel(7)
mailaddr(7)
man(7)
mdoc(7)
mdoc.samples(7)
me(7)
miscellaneous(7)
mm(7)
mmse(7)
ms(7)
operator(7)
orig_me(7)
ports(7)
re_format(7)
release(7)
roff(7)
sdoc(7)
security(7)
sprog(7)
stdint(7)
symlink(7)
term(7)
tuning(7)
maclabel(7)
maclabel -- Mandatory Access Control label formatDESCRIPTION
If Mandatory Access Control, or MAC, is enabled in the kernel, then in
addition to the traditional credentials, each subject (typically a user
or a socket) and object (file system object, socket, etc.) is given a MAC
label. The MAC label specifies the necessary subject-specific or object-
specific information necessary for a MAC security policy to enforce
access control on the subject/object.
The format for a MAC label is defined as follows:
policy1/qualifier1,policy2/qualifier2,...
A MAC label consists of a policy name, followed by a forward slash, fol-
lowed by the subject or object's qualifier, optionally followed by a
comma and one or more additional policy labels. For example:
biba/low(low-low)
biba/high(low-high),mls/equal(equal-equal),partition/0
SEE ALSO
mac(3), posix1e(3), mac_biba(4), mac_bsdextended(4), mac_ifoff(4),
mac_mls(4), mac_none(4), mac_partition(4), mac_seeotheruids(4),
mac_test(4), login.conf(5), getfmac(8), getpmac(8), ifconfig(8),
setfmac(8), setpmac(8), mac(9)
HISTORY
MAC first appeared in FreeBSD 5.0.
AUTHORS
This software was contributed to the FreeBSD Project by NAI Labs, the
Security Research Division of Network Associates Inc. under DARPA/SPAWAR
contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS
research program.
FreeBSD 5.4 October 25, 2002 FreeBSD 5.4
SPONSORED LINKS
Man(1) output converted with man2html , sed , awk