1.\" Copyright (c) 2001 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and NAI Labs, the Security 6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 8.\" research program. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" $FreeBSD$ 32.\" 33.Dd January 14, 2003 34.Dt MAC_SET 3 35.Os 36.Sh NAME 37.Nm mac_set_file , 38.Nm mac_set_fd , 39.Nm mac_set_proc 40.Nd set the MAC label for a file or process 41.Sh LIBRARY 42.Lb libc 43.Sh SYNOPSIS 44.In sys/mac.h 45.Ft int 46.Fn mac_set_file "const char *path" "mac_t label" 47.Ft int 48.Fn mac_set_link "const char *path" "mac_t label" 49.Ft int 50.Fn mac_set_fd "int fd" "mac_t label" 51.Ft int 52.Fn mac_set_proc "mac_t label" 53.Sh DESCRIPTION 54The 55.Fn mac_set_file 56and 57.Fn mac_set_fd 58functions associate a MAC label 59specified by 60.Fa label 61to the file referenced to by 62.Fa path_p , 63or to the file descriptor 64.Fa fd , 65respectively. 66Note that when a file descriptor references a socket, label operations 67on the file descriptor act on the socket, not on the file that may 68have been used as a rendezvous when binding the socket. 69The 70.Fn mac_set_link 71function is the same as 72.Fn mac_set_file , 73except that it does not follow symlinks. 74.Pp 75The 76.Fn mac_set_proc 77function associates the MAC label 78specified by 79.Fa label 80to the calling process. 81.Pp 82A process is allowed to set a label for a file 83only if it has MAC write access to the file, 84and its effective user ID is equal to 85the owner of the file, 86or has appropriate privileges. 87.Sh RETURN VALUES 88.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc 89.Sh ERRORS 90.Bl -tag -width Er 91.It Bq Er EACCES 92MAC write access to the file is denied. 93.It Bq Er EBADF 94The 95.Fa fd 96argument 97is not a valid file descriptor. 98.It Bq Er EINVAL 99The 100.Fa label 101argument 102is not a valid MAC label, or the object referenced by 103.Fa fd 104is not appropriate for label operations. 105.It Bq Er EOPNOTSUPP 106Setting MAC labels is not supported 107by the file referenced by 108.Fa fd . 109.It Bq Er EPERM 110The calling process had insufficient privilege 111to change the MAC label. 112.It Bq Er EROFS 113File system for the object being modified 114is read only. 115.It Bq Er ENAMETOOLONG 116.\" XXX POSIX_NO_TRUNC? 117The length of the pathname in 118.Fa path_p 119exceeds 120.Dv PATH_MAX , 121or a component of the pathname 122is longer than 123.Dv NAME_MAX . 124.It Bq Er ENOENT 125The file referenced by 126.Fa path_p 127does not exist. 128.It Bq Er ENOTDIR 129A component of the pathname 130referenced by 131.Fa path_p 132is not a directory. 133.El 134.Sh SEE ALSO 135.Xr mac 3 , 136.Xr mac_free 3 , 137.Xr mac_get 3 , 138.Xr mac_is_present 3 , 139.Xr mac_prepare 3 , 140.Xr mac_text 3 , 141.Xr mac 4 , 142.Xr mac 9 143.Sh HISTORY 144Support for Mandatory Access Control was introduced in 145.Fx 5.0 146as part of the 147.Tn TrustedBSD 148Project. 149