.\" Copyright (c) 2001 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 14, 2003
.Dt MAC_SET 3
.Os
.Sh NAME
.Nm mac_set_file ,
.Nm mac_set_fd ,
.Nm mac_set_proc
.Nd set the MAC label for a file or process
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/mac.h
.Ft int
.Fn mac_set_file "const char *path" "mac_t label"
.Ft int
.Fn mac_set_link "const char *path" "mac_t label"
.Ft int
.Fn mac_set_fd "int fd" "mac_t label"
.Ft int
.Fn mac_set_proc "mac_t label"
.Sh DESCRIPTION
The
.Fn mac_set_file
and
.Fn mac_set_fd
functions associate a MAC label
specified by
.Fa label
to the file referenced by
.Fa path_p ,
or to the file descriptor
.Fa fd ,
respectively.
Note that when a file descriptor references a socket, label operations
on the file descriptor act on the socket, not on the file that may
have been used as a rendezvous when binding the socket.
The
.Fn mac_set_link
function is the same as
.Fn mac_set_file ,
except that it does not follow symlinks.
.Pp
The
.Fn mac_set_proc
function associates the MAC label
specified by
.Fa label
to the calling process.
.Pp
A process is allowed to set a label for a file
only if it has MAC write access to the file,
and its effective user ID is equal to
the owner of the file,
or has appropriate privileges.
.Sh RETURN VALUES
.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er EACCES
MAC write access to the file is denied.
.It Bq Er EBADF
The
.Fa fd
argument
is not a valid file descriptor.
.It Bq Er EINVAL
The
.Fa label
argument
is not a valid MAC label, or the object referenced by
.Fa fd
is not appropriate for label operations.
.It Bq Er EOPNOTSUPP
Setting MAC labels is not supported
by the file referenced by
.Fa fd .
.It Bq Er EPERM
The calling process had insufficient privilege
to change the MAC label.
.It Bq Er EROFS
File system for the object being modified
is read only.
.It Bq Er ENAMETOOLONG
.\" XXX POSIX_NO_TRUNC?
The length of the pathname in
.Fa path_p
exceeds
.Dv PATH_MAX ,
or a component of the pathname
is longer than
.Dv NAME_MAX .
.It Bq Er ENOENT
The file referenced by
.Fa path_p
does not exist.
.It Bq Er ENOTDIR
A component of the pathname
referenced by
.Fa path_p
is not a directory.
.El
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_free 3 ,
.Xr mac_get 3 ,
.Xr mac_is_present 3 ,
.Xr mac_prepare 3 ,
.Xr mac_text 3 ,
.Xr posix1e 3 ,
.Xr mac 4 ,
.Xr mac 9
.Sh HISTORY
Support for Mandatory Access Control was introduced in
.Fx 5.0
as part of the
.Tn TrustedBSD
Project.
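.Sh EXAMPLES
The following is an added example, not part of the original manual page or of FreeBSD's own code. It applies the DESCRIPTION's points that mac_set_file follows symlinks and that mac_set_fd acts on whatever object the descriptor references: it opens the path without following a final symlink, confirms the opened object is a regular file, and labels the descriptor rather than the name.
Assumptions: relabel_regular_file is a hypothetical helper, mac_from_text is the parser documented in mac_text(3), and the non-FreeBSD branch holds stand-ins so that the file compiles elsewhere.

```c
#if !defined(__FreeBSD__) && !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200809L	/* expose O_NOFOLLOW off FreeBSD */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/mac.h>
#else
/* Stand-ins so the file builds off FreeBSD: MAC calls fail with ENOSYS. */
typedef struct mac *mac_t;
static int mac_from_text(mac_t *l, const char *t) { (void)l; (void)t; errno = ENOSYS; return (-1); }
static int mac_set_fd(int fd, mac_t l) { (void)fd; (void)l; errno = ENOSYS; return (-1); }
static int mac_free(mac_t l) { (void)l; return (0); }
#endif

/* Hypothetical helper: 0 on success, -1 with errno set on failure. */
int
relabel_regular_file(const char *path, const char *label_text)
{
	struct stat sb;
	mac_t label;
	int fd, saved, error = -1;

	/* Refuse a symlink in the final component instead of following it. */
	fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
	if (fd == -1)
		return (-1);
	/* Inspect the object that was opened, not the name. */
	if (fstat(fd, &sb) == -1)
		goto out;
	if (!S_ISREG(sb.st_mode)) {
		errno = EINVAL;	/* directory, FIFO, device: not relabelled here */
		goto out;
	}
	/* Parse the text form of the label; see mac_text(3). */
	if (mac_from_text(&label, label_text) == -1)
		goto out;
	/* Label the descriptor, so a later rename of path cannot redirect us. */
	error = mac_set_fd(fd, label);
	saved = errno;
	mac_free(label);
	errno = saved;
out:
	saved = errno;
	close(fd);
	errno = saved;
	return (error);
}
```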