Manual Page Search Parameters
mac_set_fd, mac_set_file, mac_set_proc(3) set the MAC label for a file or process
mac_set, mac_set_file, mac_set_fd, mac_set_proc(3) set the MAC label for a file or process
mac_set_file, mac_set_fd, mac_set_proc(3) set the MAC label for a file or process
mac_set_link, mac_set_file, mac_set_fd, mac_set_proc(3) set the MAC label for a file or process
mac_set_proc, mac_set_file, mac_set_fd(3) set the MAC label for a file or process
MAC_SET(3) MidnightBSD Library Functions Manual MAC_SET(3)

mac_set_file, mac_set_fd, mac_set_procset the MAC label for a file or process

Standard C Library (libc, -lc)

#include <sys/mac.h>

int
mac_set_file(const char *path, mac_t label);

int
mac_set_link(const char *path, mac_t label);

int
mac_set_fd(int fd, mac_t label);

int
mac_set_proc(mac_t label);

The () and () functions associate a MAC label specified by label to the file referenced to by path_p, or to the file descriptor fd, respectively. Note that when a file descriptor references a socket, label operations on the file descriptor act on the socket, not on the file that may have been used as a rendezvous when binding the socket. The () function is the same as mac_set_file(), except that it does not follow symlinks.

The () function associates the MAC label specified by label to the calling process.

A process is allowed to set a label for a file only if it has MAC write access to the file, and its effective user ID is equal to the owner of the file, or has appropriate privileges.

The mac_set_fd(), mac_set_file(), mac_set_link(), and mac_set_proc() functions return the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

[]
MAC write access to the file is denied.
[]
The fd argument is not a valid file descriptor.
[]
The label argument is not a valid MAC label, or the object referenced by fd is not appropriate for label operations.
[]
Setting MAC labels is not supported by the file referenced by fd.
[]
The calling process had insufficient privilege to change the MAC label.
[]
File system for the object being modified is read only.
[]
The length of the pathname in path_p exceeds PATH_MAX, or a component of the pathname is longer than NAME_MAX.
[]
The file referenced by path_p does not exist.
[]
A component of the pathname referenced by path_p is not a directory.

mac(3), mac_free(3), mac_get(3), mac_is_present(3), mac_prepare(3), mac_text(3), posix1e(3), mac(4), mac(9)

Support for Mandatory Access Control was introduced in FreeBSD 5.0 as part of the TrustedBSD Project.

January 14, 2003 midnightbsd-3.1