xref: /freebsd/lib/libc/posix1e/mac_set.3 (revision 2008043f386721d58158e37e0d7e50df8095942d) 
1.\" Copyright (c) 2001 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris
5.\" Costello at Safeport Network Services and NAI Labs, the Security
6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
8.\" research program.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.Dd January 14, 2003
32.Dt MAC_SET 3
33.Os
34.Sh NAME
35.Nm mac_set_file ,
36.Nm mac_set_fd ,
37.Nm mac_set_proc
38.Nd set the MAC label for a file or process
39.Sh LIBRARY
40.Lb libc
41.Sh SYNOPSIS
42.In sys/mac.h
43.Ft int
44.Fn mac_set_file "const char *path" "mac_t label"
45.Ft int
46.Fn mac_set_link "const char *path" "mac_t label"
47.Ft int
48.Fn mac_set_fd "int fd" "mac_t label"
49.Ft int
50.Fn mac_set_proc "mac_t label"
51.Sh DESCRIPTION
52The
53.Fn mac_set_file
54and
55.Fn mac_set_fd
56functions associate a MAC label
57specified by
58.Fa label
59to the file referenced to by
60.Fa path_p ,
61or to the file descriptor
62.Fa fd ,
63respectively.
64Note that when a file descriptor references a socket, label operations
65on the file descriptor act on the socket, not on the file that may
66have been used as a rendezvous when binding the socket.
67The
68.Fn mac_set_link
69function is the same as
70.Fn mac_set_file ,
71except that it does not follow symlinks.
72.Pp
73The
74.Fn mac_set_proc
75function associates the MAC label
76specified by
77.Fa label
78to the calling process.
79.Pp
80A process is allowed to set a label for a file
81only if it has MAC write access to the file,
82and its effective user ID is equal to
83the owner of the file,
84or has appropriate privileges.
85.Sh RETURN VALUES
86.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc
87.Sh ERRORS
88.Bl -tag -width Er
89.It Bq Er EACCES
90MAC write access to the file is denied.
91.It Bq Er EBADF
92The
93.Fa fd
94argument
95is not a valid file descriptor.
96.It Bq Er EINVAL
97The
98.Fa label
99argument
100is not a valid MAC label, or the object referenced by
101.Fa fd
102is not appropriate for label operations.
103.It Bq Er EOPNOTSUPP
104Setting MAC labels is not supported
105by the file referenced by
106.Fa fd .
107.It Bq Er EPERM
108The calling process had insufficient privilege
109to change the MAC label.
110.It Bq Er EROFS
111File system for the object being modified
112is read only.
113.It Bq Er ENAMETOOLONG
114.\" XXX POSIX_NO_TRUNC?
115The length of the pathname in
116.Fa path_p
117exceeds
118.Dv PATH_MAX ,
119or a component of the pathname
120is longer than
121.Dv NAME_MAX .
122.It Bq Er ENOENT
123The file referenced by
124.Fa path_p
125does not exist.
126.It Bq Er ENOTDIR
127A component of the pathname
128referenced by
129.Fa path_p
130is not a directory.
131.El
132.Sh SEE ALSO
133.Xr mac 3 ,
134.Xr mac_free 3 ,
135.Xr mac_get 3 ,
136.Xr mac_is_present 3 ,
137.Xr mac_prepare 3 ,
138.Xr mac_text 3 ,
139.Xr posix1e 3 ,
140.Xr mac 4 ,
141.Xr mac 9
142.Sh HISTORY
143Support for Mandatory Access Control was introduced in
144.Fx 5.0
145as part of the
146.Tn TrustedBSD
147Project.
148