*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->FreeBSD man pages -> mac.conf (5)              
Title
Content
Arch
Section
 

MAC.CONF(5)

Contents

NAME    [Toc]    [Back]

     mac.conf -- format of the MAC library configuration file

DESCRIPTION    [Toc]    [Back]

     The mac.conf file configures the default label elements to be used by
     policy-agnostic applications that operate on MAC labels.  A file contains
     a series of default label sets specified by object class, in addition to
     blank lines and comments preceded by a `#' symbol.

     Each declaration consists of a single line with two fields separated by
     white space: the object class name, and a list of label elements as used
     by the mac_prepare(3) library calls prior to an application invocation of
     a function from mac_get(3).  Label element names may optionally begin
     with a `?' symbol to indicate that a failure to retrieve the label element
 for an object should be silently ignored, and improves usability if
     the set of MAC policies may change over time.

EXAMPLES    [Toc]    [Back]

     The following example configures user applications to operate with four
     MAC policies: mac_biba(4), mac_mls(4), SEBSD, and mac_partition(4).

	   #
	   # Default label set to be used by simple MAC applications
	   #

	   default_file_labels ?biba,?mls,?sebsd
	   default_ifnet_labels ?biba,?mls,?sebsd
	   default_process_labels ?biba,?mls,partition,?sebsd

     In this example, userland applications will attempt to retrieve Biba,
     MLS, and SEBSD labels for all object classes; for processes, they will
     additionally attempt to retrieve a Partition identifier.  In all cases
     except the Partition identifier, failure to retrieve a label due to the
     respective policy not being present will be ignored.

FILES    [Toc]    [Back]

     /etc/mac.conf  MAC library configuration file.

SEE ALSO    [Toc]    [Back]

      
       
     mac(3), mac_get(3), mac_prepare(3), mac(4), mac(9)

HISTORY    [Toc]    [Back]

     Support for Mandatory Access Control was introduced in FreeBSD 5.0 as
     part of the TrustedBSD Project.

BUGS    [Toc]    [Back]

     The TrustedBSD MAC Framework and associated policies, interfaces, and
     applications are considered to be an experimental feature in FreeBSD.
     Sites considering production deployment should keep the experimental status
 of these services in mind during any deployment process.  See also
     mac(9) for related considerations regarding the kernel framework.


FreeBSD 5.2.1			April 19, 2003			 FreeBSD 5.2.1
[ Back ]
 Similar pages
Name OS Title
pw.conf FreeBSD format of the pw.conf configuration file
config FreeBSD kernel configuration file format
ar IRIX archive (library) file format
ar Tru64 Archive (library) file format
editrc FreeBSD configuration file for editline library
hesiod.conf FreeBSD configuration file for the Hesiod library
editrc OpenBSD configuration file for editline library
DxfToIv IRIX converts an Autodesk Data Exchange File format (.DXF) file to Open Inventor 2.0 format
DXmCvtCStoFC Tru64 Converts a compound string to a file-compatible format string. Currently uses text format.
AFidentifyfd IRIX retrieve the audio file format of a file descriptor / open AFfilehandle
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service