The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

mac (3)
  • mac (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  • >> mac (3) ( FreeBSD man: Библиотечные вызовы )
  • mac (4) ( FreeBSD man: Специальные файлы /dev/* )
  • mac (9) ( FreeBSD man: Ядро )
  • Ключ mac обнаружен в базе ключевых слов.

  • BSD mandoc
     

    NAME

    
    
    mac
    
     - introduction to the MAC security API
    
     
    

    LIBRARY

    Lb libc
    
     
    

    SYNOPSIS

       #include <sys/mac.h>

    In the kernel configuration file: options MAC  

    DESCRIPTION

    Fx permits administrators to define Mandatory Access Control labels defining levels for the privacy and integrity of data, overriding discretionary policies for those objects. Not all objects currently provide support for MAC labels, and MAC support must be explicitly enabled by the administrator. The library calls include routines to retrieve, duplicate, and set MAC labels associated with files and processes.

    POSIX.1e describes a set of MAC manipulation routines to manage the contents of MAC labels, as well as their relationships with files and processes; almost all of these support routines are implemented in Fx .

    Available functions, sorted by behavior, include:

    Fn mac_get_fd
    This function is described in mac_get3, and may be used to retrieve the MAC label associated with a specific file descriptor.
    Fn mac_get_file
    This function is described in mac_get3, and may be used to retrieve the MAC label associated with a named file.
    Fn mac_get_proc
    This function is described in mac_get3, and may be used to retrieve the MAC label associated with the calling process.
    Fn mac_set_fd
    This function is described in mac_set3, and may be used to set the MAC label associated with a specific file descriptor.
    Fn mac_set_file
    This function is described in mac_set3, and may be used to set the MAC label associated with a named file.
    Fn mac_set_proc
    This function is described in mac_set3, and may be used to set the MAC label associated with the calling process.
    Fn mac_free
    This function is described in mac_free3, and may be used to free userland working MAC label storage.
    Fn mac_from_text
    This function is described in mac_text3, and may be used to convert a text-form MAC label into a working Vt mac_t .
    Fn mac_prepare
    Fn mac_prepare_file_label
    Fn mac_prepare_ifnet_label
    Fn mac_prepare_process_label
    These functions are described in mac_prepare3, and may be used to preallocate storage for MAC label retrieval. mac_prepare3 prepares a label based on caller-specified label names; the other calls rely on the default configuration specified in mac.conf5.
    Fn mac_to_text
    This function is described in mac_text3, and may be used to convert a Vt mac_t into a text-form MAC label.

    The behavior of some of these calls is influenced by the configuration settings found in mac.conf5, the MAC library run-time configuration file.  

    IMPLEMENTATION NOTES

    Fx Ns 's support for POSIX.1e interfaces and features is Ud .  

    FILES

    /etc/mac.conf
    MAC library configuration file, documented in mac.conf5. Provides default behavior for applications aware of MAC labels on system objects, but without policy-specific knowledge.

     

    SEE ALSO

    mac_free3, mac_get3, mac_prepare3, mac_set3, mac_text3, mac(4), mac.conf5, mac(9)  

    STANDARDS

    These APIs are loosely based on the APIs described in POSIX.1e. POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion of the draft continues on the cross-platform POSIX.1e implementation mailing list. To join this list, see the Fx POSIX.1e implementation page for more information. However, the resemblance of these APIs to the POSIX APIs is only loose, as the POSIX APIs were unable to express many notions required for flexible and extensible access control.  

    HISTORY

    Support for Mandatory Access Control was introduced in Fx 5.0 as part of the TrustedBSD Project.  

    BUGS

    The TrustedBSD MAC Framework and associated policies, interfaces, and applications are considered to be an experimental feature in Fx . Sites considering production deployment should keep the experimental status of these services in mind during any deployment process. See also mac(9) for related considerations regarding the kernel framework.


     

    Index

    NAME
    LIBRARY
    SYNOPSIS
    DESCRIPTION
    IMPLEMENTATION NOTES
    FILES
    SEE ALSO
    STANDARDS
    HISTORY
    BUGS


    Поиск по тексту MAN-ов: 




    Спонсоры:
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2020 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру