FreeBSD Man PagesIndex:
a.out(5)acct(5)
adduser.conf(5)
aliases(5)
amd.conf(5)
auth.conf(5)
big5(5)
bluetooth.hosts(5)
bluetooth.protocols(5)
bootparams(5)
bootptab(5)
config(5)
core(5)
crontab(5)
ctm(5)
cvs(5)
devd.conf(5)
devfs(5)
device.hints(5)
dhclient.conf(5)
dhclient.leases(5)
dhcp-eval(5)
dhcp-options(5)
dir(5)
dirent(5)
disktab(5)
editrc(5)
elf(5)
ethers(5)
euc(5)
eui64(5)
exports(5)
fbtab(5)
fdescfs(5)
finger.conf(5)
forward(5)
fs(5)
fstab(5)
ftpchroot(5)
gb18030(5)
gb2312(5)
gbk(5)
gettytab(5)
groff_font(5)
groff_out(5)
groff_tmac(5)
group(5)
hcsecd.conf(5)
hesiod.conf(5)
hosts(5)
hosts.equiv(5)
hosts.lpd(5)
hosts_access(5)
hosts_options(5)
inetd.conf(5)
info(5)
inode(5)
intro(5)
ipf(5)
ipnat(5)
ipnat.conf(5)
ipsend(5)
isdnd.acct(5)
isdnd.rates(5)
isdnd.rc(5)
kbdmap(5)
keycap(5)
keymap(5)
krb5.conf(5)
lastlog(5)
libarchive-formats(5)
libmap.conf(5)
link(5)
linprocfs(5)
loader.conf(5)
login.access(5)
login.conf(5)
mac.conf(5)
magic(5)
mailer.conf(5)
make.conf(5)
malloc.conf(5)
master.passwd(5)
moduli(5)
motd(5)
msdos(5)
msdosfs(5)
mskanji(5)
named.conf(5)
netconfig(5)
netgroup(5)
netid(5)
networks(5)
newsyslog.conf(5)
nologin(5)
nsmb.conf(5)
nsswitch.conf(5)
ntp.conf(5)
ntp.keys(5)
opieaccess(5)
opiekeys(5)
passwd(5)
pbm(5)
pccard.conf(5)
periodic.conf(5)
pf.conf(5)
pf.os(5)
phones(5)
printcap(5)
procfs(5)
protocols(5)
publickey(5)
pw.conf(5)
quota.group(5)
quota.user(5)
radius.conf(5)
rc.conf(5)
rcsfile(5)
remote(5)
resolv.conf(5)
resolver(5)
rhosts(5)
rndc.conf(5)
rpc(5)
rrenumd.conf(5)
rtadvd.conf(5)
services(5)
shells(5)
ssh_config(5)
sshd_config(5)
stab(5)
style.Makefile(5)
sysctl.conf(5)
syslog.conf(5)
tacplus.conf(5)
tar(5)
term(5)
termcap(5)
terminfo(5)
texinfo(5)
tmac(5)
ttys(5)
tzfile(5)
usbd.conf(5)
utf2(5)
utf8(5)
utmp(5)
uuencode(5)
uuencode.format(5)
vgrindefs(5)
wtmp(5)
mac.conf(5)
NAME
mac.conf -- format of the MAC library configuration file
DESCRIPTION
The mac.conf file configures the default label elements to be used by
policy-agnostic applications that operate on MAC labels. A file contains
a series of default label sets specified by object class, in addition to
blank lines and comments preceded by a `#' symbol.
Currently, the implementation supports two syntax styles for label ele-
ment declaration. The old (deprecated) syntax consists of a single line
with two fields separated by white space: the object class name, and a
list of label elements as used by the mac_prepare(3) library calls prior
to an application invocation of a function from mac_get(3).
The newer more preferred syntax consists of three fields separated by
white space: the label group, object class name and a list of label ele-
ments.
Label element names may optionally begin with a `?' symbol to indicate
that a failure to retrieve the label element for an object should be
silently ignored, and improves usability if the set of MAC policies may
change over time.
FILES
/etc/mac.conf MAC library configuration file.
EXAMPLES
The following example configures user applications to operate with four
MAC policies: mac_biba(4), mac_mls(4), SEBSD, and mac_partition(4).
#
# Default label set to be used by simple MAC applications
default_labels file ?biba,?lomac,?mls,?sebsd
default_labels ifnet ?biba,?lomac,?mls,?sebsd
default_labels process ?biba,?lomac,?mls,?partition,?sebsd
default_labels socket ?biba,?lomac,?mls
#
# Deprecated (old) syntax
default_file_labels ?biba,?mls,?sebsd
default_ifnet_labels ?biba,?mls,?sebsd
default_process_labels ?biba,?mls,partition,?sebsd
In this example, userland applications will attempt to retrieve Biba,
MLS, and SEBSD labels for all object classes; for processes, they will
additionally attempt to retrieve a Partition identifier. In all cases
except the Partition identifier, failure to retrieve a label due to the
respective policy not being present will be ignored.
SEE ALSO
mac(3), mac_get(3), mac_prepare(3), mac(4), mac(9)
HISTORY
Support for Mandatory Access Control was introduced in FreeBSD 5.0 as
FreeBSD 5.4 April 19, 2003 FreeBSD 5.4
SPONSORED LINKS
Man(1) output converted with man2html , sed , awk