Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MAC_BSDEXTENDED(4)	 BSD Kernel Interfaces Manual	    MAC_BSDEXTENDED(4)

NAME
     mac_bsdextended --	file system firewall policy

SYNOPSIS
     To	compile	the file system	firewall policy	into your kernel, place	the
     following lines in	your kernel configuration file:

	   options MAC
	   options MAC_BSDEXTENDED

     Alternately, to load the file system firewall policy module at boot time,
     place the following line in your kernel configuration file:

	   options MAC

     and in loader.conf(5):

	   mac_bsdextended_load="YES"

DESCRIPTION
     The mac_bsdextended interface provides an interface for the system	admin-
     istrator to impose	mandatory rules	regarding users	and some system	ob-
     jects.  Rules are uploaded	to the module (typically using ugidfw(8), or
     some other	tool utilizing libugidfw(3)) where they	are stored internally
     and used to determine whether to allow or deny specific accesses (see
     ugidfw(8)).

IMPLEMENTATION NOTES
     While the traditional mac(9) entry	points are implemented,	policy labels
     are not used; instead, access control decisions are made by iterating
     through the internal list of rules	until a	rule which denies the particu-
     lar access	is found, or the end of	the list is reached.

SEE ALSO
     libugidfw(3), mac(4), mac_biba(4),	mac_ifoff(4), mac_lomac(4),
     mac_mls(4), mac_none(4), mac_partition(4),	mac_portacl(4),
     mac_seeotheruids(4), mac_test(4), ugidfw(8), mac(9)

HISTORY
     The mac_bsdextended policy	module first appeared in FreeBSD 5.0 and was
     developed by the TrustedBSD Project.

AUTHORS
     This software was contributed to the FreeBSD Project by NAI Labs, the Se-
     curity Research Division of Network Associates Inc. under DARPA/SPAWAR
     contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
     program.

BSD			       October 16, 2002				   BSD

NAME | SYNOPSIS | DESCRIPTION | IMPLEMENTATION NOTES | SEE ALSO | HISTORY | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=mac_bsdextended&sektion=4&manpath=FreeBSD+5.2-RELEASE+and+Ports>

home | help