MAC.CONF(5)		  FreeBSD File Formats Manual		   MAC.CONF(5)

NAME
     mac.conf -- format of the MAC library configuration file

DESCRIPTION
     The mac.conf file configures the default label elements to be used by
     policy-agnostic applications that operate on MAC labels.  A file contains
     a series of default label sets specified by object class, in addition to
     blank lines and comments preceded by a `#' symbol.

     Currently, the implementation supports two syntax styles for label
     element declaration.  The old (deprecated) syntax consists of a single
     line with two fields separated by white space: the object class name, and
     a list of label elements as used by the mac_prepare(3) library calls
     prior to an application invocation of a function from mac_get(3).

     The newer, preferred syntax consists of three fields separated by white
     space: the label group, the object class name, and a list of label
     elements.

     Label element names may optionally begin with a `?' symbol to indicate
     that a failure to retrieve the label element for an object should be
     silently ignored; this improves usability if the set of MAC policies may
     change over time.

FILES
     /etc/mac.conf  MAC library configuration file.

EXAMPLES
     The following example configures user applications to operate with four
     MAC policies: mac_biba(4), mac_mls(4), SEBSD, and mac_partition(4).

	   #
	   # Default label set to be used by simple MAC applications

	   default_labels file ?biba,?lomac,?mls,?sebsd
	   default_labels ifnet ?biba,?lomac,?mls,?sebsd
	   default_labels process ?biba,?lomac,?mls,?partition,?sebsd
	   default_labels socket ?biba,?lomac,?mls

	   #
	   # Deprecated (old) syntax

	   default_file_labels ?biba,?mls,?sebsd
	   default_ifnet_labels ?biba,?mls,?sebsd
	   default_process_labels ?biba,?mls,partition,?sebsd

     In this example, userland applications will attempt to retrieve Biba,
     MLS, and SEBSD labels for all object classes; for processes, they will
     additionally attempt to retrieve a Partition identifier.  In all cases
     except the Partition identifier, failure to retrieve a label due to the
     respective policy not being present will be ignored.
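
     The following parser and audit helper is an added example, not part of
     the original manual page or of the FreeBSD MAC library.  It reads both
     syntax styles described above and reports which lines use the deprecated
     form and which label elements lack the `?' prefix.  The function names
     and the treatment of any text after `#' as a comment are assumptions.

```python
import re

# Sample input: lines excerpted from this page's EXAMPLES block.
SAMPLE = """\
# new syntax: label group, object class, elements
default_labels file ?biba,?lomac,?mls,?sebsd
default_labels process ?biba,?lomac,?mls,?partition,?sebsd

# deprecated syntax: default_<class>_labels, elements
default_process_labels ?biba,?mls,partition,?sebsd
"""

OLD_SYNTAX = re.compile(r"default_(\w+)_labels")

def parse_mac_conf(text):
    """Parse mac.conf text into one dict per declaration line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: everything after '#' is a comment.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        old = OLD_SYNTAX.fullmatch(fields[0])
        if len(fields) == 3:            # label group, object class, elements
            group, obj_class, elems = fields
        elif len(fields) == 2 and old:  # deprecated: class is in the keyword
            group, obj_class, elems = None, old.group(1), fields[1]
        else:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        entries.append({
            "line": lineno, "group": group, "class": obj_class,
            "deprecated": group is None,
            # (name, optional): a leading '?' means retrieval failure is ignored
            "elements": [(e.lstrip("?"), e.startswith("?"))
                         for e in elems.split(",") if e],
        })
    return entries

def audit(entries):
    """Return (deprecated line numbers, elements whose failure is not ignored)."""
    deprecated = [e["line"] for e in entries if e["deprecated"]]
    required = [(e["line"], e["class"], name)
                for e in entries for name, optional in e["elements"]
                if not optional]
    return deprecated, required

if __name__ == "__main__":
    print(audit(parse_mac_conf(SAMPLE)))
```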

SEE ALSO
     mac(3), mac_get(3), mac_prepare(3), mac(4), mac(9)

HISTORY
     Support for Mandatory Access Control was introduced in FreeBSD 5.0 as
     part of the TrustedBSD Project.

BUGS
     The TrustedBSD MAC Framework and associated policies, interfaces, and
     applications are considered to be an experimental feature in FreeBSD.
     Sites considering production deployment should keep the experimental
     status of these services in mind during any deployment process.  See also
     mac(9) for related considerations regarding the kernel framework.

FreeBSD	9.3			April 19, 2003			   FreeBSD 9.3
