:man| Alphabetical   Categories   About us 
 
MAC (3) | C library functions | Unix Manual Pages | :man

NAME

mac - introduction to the MAC security API

CONTENTS

Library
Synopsis
Description
Implementation Notes
Files
See Also
Standards
History
Bugs

LIBRARY


.Lb libc

SYNOPSIS


.In sys/mac.h

In the kernel configuration file:
.Cd "options MAC"

DESCRIPTION


.Fx permits administrators to define Mandatory Access Control labels defining levels for the privacy and integrity of data, overriding discretionary policies for those objects. Not all objects currently provide support for MAC labels, and MAC support must be explicitly enabled by the administrator. The library calls include routines to retrieve, duplicate, and set MAC labels associated with files and processes.

POSIX.1e describes a set of MAC manipulation routines to manage the contents of MAC labels, as well as their relationships with files and processes; almost all of these support routines are implemented in
.Fx .

Available functions, sorted by behavior, include:

mac_get_fd
This function is described in mac_get(3), and may be used to retrieve the MAC label associated with a specific file descriptor.
mac_get_file
This function is described in mac_get(3), and may be used to retrieve the MAC label associated with a named file.
mac_get_proc
This function is described in mac_get(3), and may be used to retrieve the MAC label associated with the calling process.
mac_set_fd
This function is described in mac_set(3), and may be used to set the MAC label associated with a specific file descriptor.
mac_set_file
This function is described in mac_set(3), and may be used to set the MAC label associated with a named file.
mac_set_proc
This function is described in mac_set(3), and may be used to set the MAC label associated with the calling process.
mac_free
This function is described in mac_free(3), and may be used to free userland working MAC label storage.
mac_from_text
This function is described in mac_text(3), and may be used to convert a text-form MAC label into a working
.Vt mac_t .
mac_prepare
mac_prepare_file_label
mac_prepare_ifnet_label
mac_prepare_process_label
These functions are described in mac_prepare(3), and may be used to preallocate storage for MAC label retrieval. mac_prepare(3) prepares a label based on caller-specified label names; the other calls rely on the default configuration specified in mac.conf(5).
mac_to_text
This function is described in mac_text(3), and may be used to convert a
.Vt mac_t into a text-form MAC label.
The behavior of some of these calls is influenced by the configuration settings found in mac.conf(5), the MAC library run-time configuration file.

IMPLEMENTATION NOTES


.Fx Ns ’s support for POSIX.1e interfaces and features is
.Ud .

FILES

/etc/mac.conf MAC library configuration file, documented in mac.conf(5). Provides default behavior for applications aware of MAC labels on system objects, but without policy-specific knowledge.

SEE ALSO

mac_free(3), mac_get(3), mac_prepare(3), mac_set(3), mac_text(3), mac(4), mac.conf(5), mac(9)

STANDARDS

HISTORY

BUGS

mac(9)

 
Created by Blin Media, 2008-2013