NAME
setfsmac —
set MAC label for a file
hierarchy
SYNOPSIS
setfsmac |
[-ehqvx] [-f
specfile] ... [-s
specfile] ... file ... |
DESCRIPTION
Thesetfsmac utility accepts a list of specification
files as input and sets the MAC labels on the specified file system
hierarchies. Path names specified will be visited in order as given on the
command line, and each tree will be traversed in pre-order. (Generally, it
will not be very useful to use relative paths instead of absolute paths.)
Multiple entries matching a single file will be combined and applied in a
single transaction.
The following options are available:
-e- Treat any file systems encountered which do not support MAC labelling as errors, instead of warning and skipping them.
-fspecfile- Apply the specifications in specfile to the
specified paths.
NOTE: Only the first entry for each file is applied; all others are disregarded and silently dropped.Multiple
-farguments may be specified to include multiple specification files. -h- When a symbolic link is encountered, change the label of the link rather than the file the link points to.
-q- Do not print non-fatal warnings during execution.
-sspecfile- Apply the specifications in specfile, but assume the
specification format is compatible with the SELinux
specfile format.
NOTE: Only the first entry for each file is applied; all others are disregarded and silently dropped.The prefix “
sebsd/” will be automatically prepended to the labels in specfile. Labels matching “<<none>>” will be explicitly not relabeled. This permits SEBSD to reuse existing SELinux policy specification files. -v- Increase the degree of verbosity.
-x- Do not recurse into new file systems when traversing them.
FILES
- /usr/share/security/lomac-policy.contexts
- Sample specfile containing LOMAC policy entries.
EXAMPLES
See FILES.
SEE ALSO
mac(3), mac_set_file(3), mac_set_link(3), mac(4), re_format(7), getfmac(8), setfmac(8), mac(9)
AUTHORS
This software was contributed to the FreeBSD Project by Network Associates Labs, the Security Research Division of Network Associates Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.