Lines Matching +full:mac +full:- +full:only
7 .\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
35 .Nm mac
38 .Cd "options MAC"
41 The Mandatory Access Control, or MAC, framework allows administrators to
44 It is important to note that due to its nature, MAC security policies may
45 only restrict access relative to one another and the base system policy;
50 Currently, the following MAC policy modules are shipped with
52 .Bl -column ".Xr mac_seeotheruids 4" "ddb(4) interface restrictions" ".Em Labeling" "boot only"
54 .It Xr mac_biba 4 Ta "Biba integrity policy" Ta yes Ta boot only
60 .It Xr mac_lomac 4 Ta "Low-Watermark MAC policy" Ta yes Ta boot only
61 .It Xr mac_mls 4 Ta "Confidentiality policy" Ta yes Ta boot only
62 .It Xr mac_ntpd 4 Ta "Non-root NTP Daemon policy" Ta no Ta any time
66 .It Xr mac_seeotheruids 4 Ta "See-other-UIDs policy" Ta no Ta any time
67 .It Xr mac_test 4 Ta "MAC testing policy" Ta no Ta any time
69 .Ss MAC Labels
71 (file system objects, sockets, etc.) can carry with it a MAC label.
75 Most MAC labels on system subjects and objects
80 More information on the format for MAC labels can be found in the
83 .Ss MAC Support for UFS2 File Systems
84 By default, file system enforcement of labeled MAC policies relies on
87 .Sx "MAC Labels" )
99 flag, drop to single-user mode and unmount the file system,
102 .Dl "tunefs -l enable" Ar filesystem
115 .Bl -ohang
160 .Ss Setting MAC Labels
162 and modifying its MAC policy label.
163 .Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent
177 .Ss Programming With MAC
186 .Xr mac 3
191 .\" .It Va security.mac.mmap_revocation
195 .\" .It Va security.mac.mmap_revocation_via_cow
198 .\" access to files via copy-on-write semantics;
203 .Xr mac 3 ,
226 .Xr mac 9
230 .%U https://docs.FreeBSD.org/en/books/handbook/mac/
246 under DARPA/SPAWAR contract N66001-01-C-8035
250 While the MAC Framework design is intended to support the containment of
253 As such, MAC Framework policies should not be relied on, in isolation,