1 .\" Copyright (c) 2001 Networks Associates Technology, Inc.
2 .\" All rights reserved.
4 .\" This software was developed for the FreeBSD Project by Chris
5 .\" Costello at Safeport Network Services and NAI Labs, the Security
6 .\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
7 .\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
10 .\" Redistribution and use in source and binary forms, with or without
11 .\" modification, are permitted provided that the following conditions
13 .\" 1. Redistributions of source code must retain the above copyright
14 .\" notice, this list of conditions and the following disclaimer.
15 .\" 2. Redistributions in binary form must reproduce the above copyright
16 .\" notice, this list of conditions and the following disclaimer in the
17 .\" documentation and/or other materials provided with the distribution.
19 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 .Nd set the MAC label for a file or process
46 .Fn mac_set_file "const char *path" "mac_t label"
48 .Fn mac_set_link "const char *path" "mac_t label"
50 .Fn mac_set_fd "int fd" "mac_t label"
52 .Fn mac_set_proc "mac_t label"
58 functions associate a MAC label
61 to the file referenced to by
63 or to the file descriptor
66 Note that when a file descriptor references a socket, label operations
67 on the file descriptor act on the socket, not on the file that may
68 have been used as a rendezvous when binding the socket.
71 function is the same as
73 except that it does not follow symlinks.
77 function associates the MAC label
80 to the calling process.
82 A process is allowed to set a label for a file
83 only if it has MAC write access to the file,
84 and its effective user ID is equal to
85 the owner of the file,
86 or has appropriate privileges.
88 .Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc
92 MAC write access to the file is denied.
97 is not a valid file descriptor.
102 is not a valid MAC label, or the object referenced by
104 is not appropriate for label operations.
106 Setting MAC labels is not supported
107 by the file referenced by
110 The calling process had insufficient privilege
111 to change the MAC label.
113 File system for the object being modified
115 .It Bq Er ENAMETOOLONG
116 .\" XXX POSIX_NO_TRUNC?
117 The length of the pathname in
121 or a component of the pathname
125 The file referenced by
129 A component of the pathname
138 .Xr mac_is_present 3 ,
145 Support for Mandatory Access Control was introduced in