:man| Alphabetical   Categories   About us 
 
MACLABEL (7) | Miscellanea | Unix Manual Pages | :man

NAME

maclabel - Mandatory Access Control label format

CONTENTS

Description
See Also
History
Authors

DESCRIPTION

If Mandatory Access Control, or MAC, is enabled in the kernel, then in addition to the traditional credentials, each subject (typically a user or a socket) and object (file system object, socket, etc.) is given a "MAC label". The MAC label specifies the necessary subject-specific or object-specific information necessary for a MAC security policy to enforce access control on the subject/object.

The format for a MAC label is defined as follows:


.Sm off
.Sm on

A MAC label consists of a policy name, followed by a forward slash, followed by the subject or object’s qualifier, optionally followed by a comma and one or more additional policy labels. For example:
biba/low(low-low)
biba/high(low-high),mls/equal(equal-equal),partition/0

SEE ALSO

mac(3), posix1e(3), mac_biba(4), mac_bsdextended(4), mac_ifoff(4), mac_mls(4), mac_none(4), mac_partition(4), mac_seeotheruids(4), mac_test(4), login.conf(5), getfmac(8), getpmac(8), ifconfig(8), setfmac(8), setpmac(8), mac(9)

HISTORY

AUTHORS


Share this page

     Follow us

Facebook Twitter Google+ LinkedIn


 
Created by Blin Media, 2008-2013