MAC(3)                 FreeBSD Library Functions Manual                 MAC(3)

NAME
     mac - introduction to the MAC security API

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <sys/mac.h>

     In the kernel configuration file:
     options MAC

DESCRIPTION
     FreeBSD permits administrators to define Mandatory Access Control labels
     defining levels for the privacy and integrity of data, overriding
     discretionary policies for those objects.  Not all objects currently
     provide support for MAC labels, and MAC support must be explicitly
     enabled by the administrator.  The library calls include routines to
     retrieve, duplicate, and set MAC labels associated with files and
     processes.

     POSIX.1e describes a set of MAC manipulation routines to manage the
     contents of MAC labels, as well as their relationships with files and
     processes; almost all of these support routines are implemented in
     FreeBSD.

     Available functions, sorted by behavior, include:

     mac_get_fd()
             This function is described in mac_get(3), and may be used to
             retrieve the MAC label associated with a specific file
             descriptor.

     mac_get_file()
             This function is described in mac_get(3), and may be used to
             retrieve the MAC label associated with a named file.

     mac_get_proc()
             This function is described in mac_get(3), and may be used to
             retrieve the MAC label associated with the calling process.

     mac_set_fd()
             This function is described in mac_set(3), and may be used to set
             the MAC label associated with a specific file descriptor.

     mac_set_file()
             This function is described in mac_set(3), and may be used to set
             the MAC label associated with a named file.

     mac_set_proc()
             This function is described in mac_set(3), and may be used to set
             the MAC label associated with the calling process.

     mac_free()
             This function is described in mac_free(3), and may be used to
             free userland working MAC label storage.

     mac_from_text()
             This function is described in mac_text(3), and may be used to
             convert a text-form MAC label into a working mac_t.

     mac_prepare()

     mac_prepare_file_label()

     mac_prepare_ifnet_label()

     mac_prepare_process_label()
             These functions are described in mac_prepare(3), and may be used
             to preallocate storage for MAC label retrieval.  mac_prepare(3)
             prepares a label based on caller-specified label names; the other
             calls rely on the default configuration specified in mac.conf(5).

     mac_to_text()
             This function is described in mac_text(3), and may be used to
             convert a mac_t into a text-form MAC label.

     The behavior of some of these calls is influenced by the configuration
     settings found in mac.conf(5), the MAC library run-time configuration
     file.
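
     The retrieve-and-convert sequence described above, as an added example
     that is not part of the FreeBSD manual: prepare a file label from the
     mac.conf(5) defaults, fetch it, render it as text, and free the storage.
     The helper name file_label_text() is hypothetical, and the non-FreeBSD
     branch exists only so the file compiles where <sys/mac.h> is absent.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/mac.h>
#endif
/* Hypothetical helper: text-form MAC label of path into out; 0 or -1/errno. */
int file_label_text(const char *path, char *out, size_t outlen)
{
	if (path == NULL || out == NULL || outlen == 0) {
		errno = EINVAL;
		return (-1);
	}
#ifdef __FreeBSD__
	mac_t label;
	char *text = NULL;
	int rc = -1, saved;
	/* Preallocate storage for the label elements named in mac.conf(5). */
	if (mac_prepare_file_label(&label) == -1)
		return (-1);
	/* Retrieve the file's label, then convert it to text form. */
	if (mac_get_file(path, label) == 0 && mac_to_text(label, &text) == 0) {
		if (strlen(text) < outlen) {
			strcpy(out, text);
			rc = 0;
		} else
			errno = ERANGE;	/* caller's buffer is too small */
	}
	saved = errno;		/* keep the error across the cleanup calls */
	free(text);		/* text from mac_to_text() is malloc'd */
	mac_free(label);	/* release the working label storage */
	errno = saved;
	return (rc);
#else
	errno = ENOSYS;		/* built without the FreeBSD MAC library */
	return (-1);
#endif
}

int main(int argc, char *argv[])
{
	char buf[256];
	int rc = file_label_text(argc > 1 ? argv[1] : "/", buf, sizeof(buf));

	if (rc == 0)
		puts(buf);
	else
		perror("file_label_text");
	return (rc == 0 ? 0 : 1);
}
```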

IMPLEMENTATION NOTES
     FreeBSD's support for POSIX.1e interfaces and features is currently under
     development.

FILES
     /etc/mac.conf      MAC library configuration file, documented in
                        mac.conf(5).  Provides default behavior for
                        applications aware of MAC labels on system objects,
                        but without policy-specific knowledge.

SEE ALSO
     mac_free(3), mac_get(3), mac_prepare(3), mac_set(3), mac_text(3), mac(4),
     mac.conf(5), mac(9)

STANDARDS
     These APIs are loosely based on the APIs described in POSIX.1e.  POSIX.1e
     is described in IEEE POSIX.1e draft 17.  Discussion of the draft
     continues on the cross-platform POSIX.1e implementation mailing list.  To
     join this list, see the FreeBSD POSIX.1e implementation page for more
     information.  However, the resemblance of these APIs to the POSIX APIs is
     only loose, as the POSIX APIs were unable to express many notions
     required for flexible and extensible access control.

HISTORY
     Support for Mandatory Access Control was introduced in FreeBSD 5.0 as
     part of the TrustedBSD Project.

BUGS
     The TrustedBSD MAC Framework and associated policies, interfaces, and
     applications are considered to be an experimental feature in FreeBSD.
     Sites considering production deployment should keep the experimental
     status of these services in mind during any deployment process.  See also
     mac(9) for related considerations regarding the kernel framework.

FreeBSD 11.0-PRERELEASE         April 19, 2003         FreeBSD 11.0-PRERELEASE
