GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
MAC_SET(3) FreeBSD Library Functions Manual MAC_SET(3)

mac_set_file, mac_set_fd, mac_set_proc
set the MAC label for a file or process

Standard C Library (libc, -lc)

#include <sys/mac.h>

int
mac_set_file(const char *path, mac_t label);

int
mac_set_link(const char *path, mac_t label);

int
mac_set_fd(int fd, mac_t label);

int
mac_set_proc(mac_t label);

The mac_set_file() and mac_set_fd() functions associate a MAC label specified by label to the file referenced to by path_p, or to the file descriptor fd, respectively. Note that when a file descriptor references a socket, label operations on the file descriptor act on the socket, not on the file that may have been used as a rendezvous when binding the socket. The mac_set_link() function is the same as mac_set_file(), except that it does not follow symlinks.

The mac_set_proc() function associates the MAC label specified by label to the calling process.

A process is allowed to set a label for a file only if it has MAC write access to the file, and its effective user ID is equal to the owner of the file, or has appropriate privileges.

The mac_set_fd(), mac_set_file(), mac_set_link(), and mac_set_proc() functions return the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

[]
MAC write access to the file is denied.
[]
The fd argument is not a valid file descriptor.
[]
The label argument is not a valid MAC label, or the object referenced by fd is not appropriate for label operations.
[]
Setting MAC labels is not supported by the file referenced by fd.
[]
The calling process had insufficient privilege to change the MAC label.
[]
File system for the object being modified is read only.
[]
The length of the pathname in path_p exceeds PATH_MAX, or a component of the pathname is longer than NAME_MAX.
[]
The file referenced by path_p does not exist.
[]
A component of the pathname referenced by path_p is not a directory.

mac(3), mac_free(3), mac_get(3), mac_is_present(3), mac_prepare(3), mac_text(3), posix1e(3), mac(4), mac(9)

Support for Mandatory Access Control was introduced in FreeBSD 5.0 as part of the TrustedBSD Project.
January 14, 2003 FreeBSD 13.1-RELEASE
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.