| Main index | Section 3 | Options |
#include <sys/mac.h>
In the kernel configuration file: options MAC
MAC labels consist of a set of (name, value) tuples, representing security attributes from MAC policies. For example, this label contains security labels defined by two policies, mac_biba(4) and mac_mls(4):
biba/low,mls/low
Further syntax and semantics of MAC labels may be found in maclabel(7).
Applications operate on labels stored in mac_t, but can convert between this internal format and a text format for the purposes of presentation to uses or external storage. When querying a label on an object, a mac_t must first be prepared using the interfaces described in mac_prepare(3), allowing the application to declare which policies it wishes to interrogate. The application writer can also rely on default label names declared in mac.conf(5).
When finished with a mac_t, the application must call mac_free(3) to release its storage.
The following functions are defined:
| mac_is_present() | |
| This function, described in mac_is_present(3), allows applications to test whether MAC is configured, as well as whether specific policies are configured. | |
| mac_get_fd(,)mac_get_file(,)mac_get_link(,)mac_get_peer() | |
| These functions, described in mac_get(3), retrieve the MAC labels associated with file descriptors, files, and socket peers. | |
| mac_get_pid(,)mac_get_proc() | |
| These functions, described in mac_get(3), retrieve the MAC labels associated with processes. | |
| mac_set_fd(,)mac_set_file(,)mac_set_link() | |
| These functions, described in mac_set(3), set the MAC labels associated with file descriptors and files. | |
| mac_set_proc() | |
| This function, described in mac_set(3), sets the MAC label associated with the current process. | |
| mac_free() | |
| This function, described in mac_free(3), frees working MAC label storage. | |
| mac_from_text() | |
| This function, described in mac_text(3), converts a text-form MAC label into working MAC label storage, mac_t. | |
| mac_prepare(,)mac_prepare_file_label(,)mac_prepare_ifnet_label(,)mac_prepare_process_label(,)mac_prepare_type() | |
| These functions, described in mac_prepare(3), allocate working storage for MAC label operations. mac_prepare(3) prepares a label based on caller-specified label names; the other calls rely on the default configuration specified in mac.conf(5). | |
| mac_to_text() | |
| This function is described in mac_text(3), and may be used to convert a mac_t into a text-form MAC label. | |
| /etc/mac.conf | |
| MAC library configuration file, documented in mac.conf(5). Provides default behavior for applications aware of MAC labels on system objects, but without policy-specific knowledge. | |
| MAC (3) | July 25, 2015 |
| Main index | Section 3 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
| “ | A typical Unix /bin or /usr/bin directory contains a hundred different kinds of programs, written by dozens of egotistical programmers, each with its own syntax, operating paradigm, rules of use ... strategies for specifying options, and different sets of constraints. | ” |
| — The Unix Haters' handbook | ||