xref: /freebsd/lib/libc/posix1e/mac_set.3 (revision 237a5de859e2e0aec02d082804c88d9ee1f95be6)
.\" Copyright (c) 2001 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd January 14, 2003
.Dt MAC_SET 3
.Os
.Sh NAME
.Nm mac_set_file ,
.Nm mac_set_fd ,
.Nm mac_set_proc
.Nd set the MAC label for a file or process
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/mac.h
.Ft int
.Fn mac_set_file "const char *path" "mac_t label"
.Ft int
.Fn mac_set_link "const char *path" "mac_t label"
.Ft int
.Fn mac_set_fd "int fd" "mac_t label"
.Ft int
.Fn mac_set_proc "mac_t label"
.Sh DESCRIPTION
The
.Fn mac_set_file
and
.Fn mac_set_fd
functions associate a MAC label
specified by
.Fa label
to the file referenced by
.Fa path ,
or to the file descriptor
.Fa fd ,
respectively.
Note that when a file descriptor references a socket, label operations
on the file descriptor act on the socket, not on the file that may
have been used as a rendezvous when binding the socket.
The
.Fn mac_set_link
function is the same as
.Fn mac_set_file ,
except that it does not follow symlinks.
.Pp
The
.Fn mac_set_proc
function associates the MAC label
specified by
.Fa label
to the calling process.
.Pp
A process is allowed to set a label for a file
only if it has MAC write access to the file,
and its effective user ID is equal to
the owner of the file,
or has appropriate privileges.
.Sh RETURN VALUES
.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er EACCES
MAC write access to the file is denied.
.It Bq Er EBADF
The
.Fa fd
argument
is not a valid file descriptor.
.It Bq Er EINVAL
The
.Fa label
argument
is not a valid MAC label, or the object referenced by
.Fa fd
is not appropriate for label operations.
.It Bq Er EOPNOTSUPP
Setting MAC labels is not supported
by the file referenced by
.Fa fd .
.It Bq Er EPERM
The calling process had insufficient privilege
to change the MAC label.
.It Bq Er EROFS
File system for the object being modified
is read only.
.It Bq Er ENAMETOOLONG
.\" XXX POSIX_NO_TRUNC?
The length of the pathname in
.Fa path
exceeds
.Dv PATH_MAX ,
or a component of the pathname
is longer than
.Dv NAME_MAX .
.It Bq Er ENOENT
The file referenced by
.Fa path
does not exist.
.It Bq Er ENOTDIR
A component of the pathname
referenced by
.Fa path
is not a directory.
.El
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_free 3 ,
.Xr mac_get 3 ,
.Xr mac_is_present_np 3 ,
.Xr mac_prepare 3 ,
.Xr mac_text 3 ,
.Xr mac 4 ,
.Xr mac 9
.Sh HISTORY
Support for Mandatory Access Control was introduced in
.Fx 5.0
as part of the
.Tn TrustedBSD
Project.
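The following is an added example, not code from the FreeBSD project or this manual page. It relabels a path with a choice between `mac_set_file()` and `mac_set_link()`, and groups the errno values from the ERRORS list into outcomes a caller can act on. The names `relabel_path`, `classify_errno` and `enum relabel_result` are hypothetical, and the non-FreeBSD branch holds constructed stand-ins that exist only so the file compiles elsewhere.

```c
#include <errno.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/mac.h>
#else
/* Constructed stand-ins so this builds off FreeBSD; every call fails with ENOSYS. */
typedef struct mac *mac_t;
static int mac_from_text(mac_t *l, const char *t) { (void)l; (void)t; errno = ENOSYS; return -1; }
static int mac_set_file(const char *p, mac_t l) { (void)p; (void)l; errno = ENOSYS; return -1; }
static int mac_set_link(const char *p, mac_t l) { (void)p; (void)l; errno = ENOSYS; return -1; }
static int mac_free(mac_t l) { (void)l; return 0; }
#endif

/* Hypothetical result codes grouping the errno values from the ERRORS list. */
enum relabel_result {
    RELABEL_OK, RELABEL_BAD_LABEL, RELABEL_DENIED,
    RELABEL_UNSUPPORTED, RELABEL_PATH, RELABEL_OTHER
};

static enum relabel_result classify_errno(int err)
{
    switch (err) {
    case EINVAL:                  return RELABEL_BAD_LABEL;
    case EACCES: case EPERM:      return RELABEL_DENIED;
    case EOPNOTSUPP: case ENOSYS: return RELABEL_UNSUPPORTED; /* ENOSYS: stand-ins */
    case ENOENT: case ENOTDIR: case ENAMETOOLONG:
                                  return RELABEL_PATH;
    default:                      return RELABEL_OTHER;       /* EROFS, EBADF, ... */
    }
}

/*
 * Relabel path with a textual label. follow == 0 uses mac_set_link(), so a
 * symlink at path is labelled itself instead of redirecting the change to
 * whatever it points at.
 */
enum relabel_result relabel_path(const char *path, const char *text, int follow)
{
    mac_t label;
    int rc, saved;

    if (mac_from_text(&label, text) != 0)
        return classify_errno(errno);
    rc = follow ? mac_set_file(path, label) : mac_set_link(path, label);
    saved = errno;              /* keep the errno of the set call across mac_free() */
    mac_free(label);
    return rc == 0 ? RELABEL_OK : classify_errno(saved);
}
```

A call such as `relabel_path("/nonexistent/mac-example", "biba/low", 0)` uses a constructed path and sample label text; with `follow` set to 0 the call goes through `mac_set_link()`.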
149