MACLABEL(7) BSD Miscellaneous Information Manual MACLABEL(7)NAME
maclabel -- Mandatory Access Control label format
If Mandatory Access Control, or MAC, is enabled in the kernel, then in addition to the traditional credentials, each subject (typically a
user or a socket) and object (file system object, socket, etc.) is given a MAC label. The MAC label specifies the necessary subject-specific
or object-specific information necessary for a MAC security policy to enforce access control on the subject/object.
The format for a MAC label is defined as follows:
A MAC label consists of a policy name, followed by a forward slash, followed by the subject or object's qualifier, optionally followed by a
comma and one or more additional policy labels. For example:
SEE ALSO mac(3), posix1e(3), mac_biba(4), mac_bsdextended(4), mac_ifoff(4), mac_mls(4), mac_none(4), mac_partition(4), mac_seeotheruids(4),
mac_test(4), login.conf(5), getfmac(8), getpmac(8), ifconfig(8), setfmac(8), setpmac(8), mac(9)HISTORY
MAC first appeared in FreeBSD 5.0.
This software was contributed to the FreeBSD Project by NAI Labs, the Security Research Division of Network Associates Inc. under
DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.
BSD October 25, 2002 BSD
Check Out this Related Man Page
MAC_PARTITION(4) BSD Kernel Interfaces Manual MAC_PARTITION(4)NAME
mac_partition -- process partition policy
To compile the process partition policy into your kernel, place the following lines in your kernel configuration file:
Alternately, to load the process partition module at boot time, place the following line in your kernel configuration file:
and in loader.conf(5):
The mac_partition policy module implements a process partition policy, which allows administrators to place running processes into
``partitions'', based on their numeric process partition (specified in the process's MAC label). Processes with a specified partition can
only see processes that are in the same partition. If no partition is specified for a process, it can see all other processes in the system
(subject to other MAC policy restrictions not defined in this man page). No provisions for placing processes into multiple partitions are
Partition labels take on the following format:
Where value can be any integer value or ``none''. For example:
SEE ALSO mac(4), mac_biba(4), mac_bsdextended(4), mac_ifoff(4), mac_lomac(4), mac_mls(4), mac_none(4), mac_portacl(4), mac_seeotheruids(4),
mac_test(4), maclabel(7), mac(9)HISTORY
The mac_partition policy module first appeared in FreeBSD 5.0 and was developed by the TrustedBSD Project.
This software was contributed to the FreeBSD Project by Network Associates Labs, the Security Research Division of Network Associates Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.
See mac(9) concerning appropriateness for production use. The TrustedBSD MAC Framework is considered experimental in FreeBSD.
While the MAC Framework design is intended to support the containment of the root user, not all attack channels are currently protected by
entry point checks. As such, MAC Framework policies should not be relied on, in isolation, to protect against a malicious privileged user.
BSD December 9, 2002 BSD
Is there a way to forward email from email@example.com to firstname.lastname@example.org only when the subject line is "this subject"?
I figure it would be done with .forward somehow if it is possible.
I'm using Red Hat 9 and sendmail. (4 Replies)
I havent been using UNIX for that long, so this question might sound quite stupid to most of you. I want to know how to mask my MAC address
I found a command on how to do it but I dont think it works:
"ifconfig <interface> link <address>"
Unfortunately being the n00b I am, I dont really even... (1 Reply)
i wanted to know how to change the MAC id of the machine i`m using.. I know the MAC is permanent n on the ROM, but i wanted to know if there was any way to change it during tht particular session..
also.. if it was possible.. could it be kept changed for sometime...? (8 Replies)
I have a large number of text files outputted from various Netstumbler Wireless Scans; from which I need to extract the MAC addresses of the various Access Points.
The Text files look like this:
# $Creator: Network Stumbler Version 0.4.0
# $Format: wi-scan summary with... (9 Replies)
I have an app which reads MAC address. I read that Solaris 10 8/07 offers the solution to set MAC address for each container but I cannot find how to do that in any docs I found on Sun :( do you know how ?
True that installed I only have Solaris 10 5/08. In a container zone it generates... (3 Replies)
I am a MAC user evaluating electronic medical record software. I found a package which is UNIX server based. Can anyone tell me if MAC OS X can be used in this situation. The software is nexgen (www.nexgen.com).
How UNIX "compatible" is MAC OS X?
I apologize for my very limited UNIX... (7 Replies)
I have a ksh script and would like to validate a MAC address that is input by the user:
MAC=`/usr/bin/ckint -p "Enter MAC address"`
echo " "
Obviously chkint will not work, but does anyone have any suggestions?
Thanks (9 Replies)
Hello, I need to write a program using C language which allow me to change the IP and MAC addresses of a given interface... Now I fork the process and by exec I'm using the "ifconfig interf X.X.X.X" command... but i can't use this solution because i have to avoid the context switch... Can someone... (4 Replies)
I am new to Linux. I have just purchased Apple MACPRO with 12 core, 32 GB RAM, 2TB hard drive, MAC OS Lion installed. I want to install Linux server on this machine.And can I run both MAC OS Lion and Linux Server side by side ? Can I put all my data at one place and use that data from any... (5 Replies)
can anyone help me with getpmac how it works? i'm trying to know what is the current label of the (each) user?
and can i do it with maclabel as well?
btw i'm using FreeBSD 6.2
ned (3 Replies)
Hey Guys and Gals,
I am having trouble with what I thought shouldn't be hard..
In a script I am working on there is a need to enter a MAC address.
MAC addresses are formatted ;
where X can be 0-9, a-f or A-F
So in the sample script the query is something... (4 Replies)