man.bsd.lv manual page server

Manual Page Search Parameters

SETFSMAC(8) System Manager's Manual SETFSMAC(8)

setfsmacset MAC label for a file hierarchy

setfsmac [-ehqvx] [-f specfile] ... [-s specfile] ... file ...

The setfsmac utility accepts a list of specification files as input and sets the MAC labels on the specified file system hierarchies. Path names specified will be visited in order as given on the command line, and each tree will be traversed in pre-order. (Generally, it will not be very useful to use relative paths instead of absolute paths.) Multiple entries matching a single file will be combined and applied in a single transaction.

The following options are available:

Treat any file systems encountered which do not support MAC labelling as errors, instead of warning and skipping them.
specfile
Apply the specifications in specfile to the specified paths.
NOTE: Only the first entry for each file is applied; all others are disregarded and silently dropped.
Multiple -f arguments may be specified to include multiple specification files.
When a symbolic link is encountered, change the label of the link rather than the file the link points to.
Do not print non-fatal warnings during execution.
specfile
Apply the specifications in specfile, but assume the specification format is compatible with the SELinux specfile format.
NOTE: Only the first entry for each file is applied; all others are disregarded and silently dropped.
The prefix “sebsd/” will be automatically prepended to the labels in specfile. Labels matching “<<none>>” will be explicitly not relabeled. This permits SEBSD to reuse existing SELinux policy specification files.
Increase the degree of verbosity.
Do not recurse into new file systems when traversing them.

/usr/share/security/lomac-policy.contexts
Sample specfile containing LOMAC policy entries.

See FILES.

mac(3), mac_set_file(3), mac_set_link(3), mac(4), re_format(7), getfmac(8), setfmac(8), mac(9)

This software was contributed to the FreeBSD Project by Network Associates Labs, the Security Research Division of Network Associates Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.

February 17, 2004 FreeBSD-12.0