xref: /freebsd/lib/libc/posix1e/mac_set.3 (revision 84ee9401a3fc8d3c22424266f421a928989cd692)
1.\" Copyright (c) 2001 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris
5.\" Costello at Safeport Network Services and NAI Labs, the Security
6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
8.\" research program.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\" $FreeBSD$
32.\"
33.Dd January 14, 2003
34.Dt MAC_SET 3
35.Os
36.Sh NAME
37.Nm mac_set_file ,
38.Nm mac_set_fd ,
39.Nm mac_set_proc
40.Nd set the MAC label for a file or process
41.Sh LIBRARY
42.Lb libc
43.Sh SYNOPSIS
44.In sys/mac.h
45.Ft int
46.Fn mac_set_file "const char *path" "mac_t label"
47.Ft int
48.Fn mac_set_link "const char *path" "mac_t label"
49.Ft int
50.Fn mac_set_fd "int fd" "mac_t label"
51.Ft int
52.Fn mac_set_proc "mac_t label"
53.Sh DESCRIPTION
54The
55.Fn mac_set_file
56and
57.Fn mac_set_fd
58functions associate a MAC label
59specified by
60.Fa label
61to the file referenced to by
62.Fa path_p ,
63or to the file descriptor
64.Fa fd ,
65respectively.
66Note that when a file descriptor references a socket, label operations
67on the file descriptor act on the socket, not on the file that may
68have been used as a rendezvous when binding the socket.
69The
70.Fn mac_set_link
71function is the same as
72.Fn mac_set_file ,
73except that it does not follow symlinks.
74.Pp
75The
76.Fn mac_set_proc
77function associates the MAC label
78specified by
79.Fa label
80to the calling process.
81.Pp
82A process is allowed to set a label for a file
83only if it has MAC write access to the file,
84and its effective user ID is equal to
85the owner of the file,
86or has appropriate privileges.
87.Sh RETURN VALUES
88.Rv -std mac_set_fd mac_set_file mac_set_link mac_set_proc
89.Sh ERRORS
90.Bl -tag -width Er
91.It Bq Er EACCES
92MAC write access to the file is denied.
93.It Bq Er EBADF
94The
95.Fa fd
96argument
97is not a valid file descriptor.
98.It Bq Er EINVAL
99The
100.Fa label
101argument
102is not a valid MAC label, or the object referenced by
103.Fa fd
104is not appropriate for label operations.
105.It Bq Er EOPNOTSUPP
106Setting MAC labels is not supported
107by the file referenced by
108.Fa fd .
109.It Bq Er EPERM
110The calling process had insufficient privilege
111to change the MAC label.
112.It Bq Er EROFS
113File system for the object being modified
114is read only.
115.It Bq Er ENAMETOOLONG
116.\" XXX POSIX_NO_TRUNC?
117The length of the pathname in
118.Fa path_p
119exceeds
120.Dv PATH_MAX ,
121or a component of the pathname
122is longer than
123.Dv NAME_MAX .
124.It Bq Er ENOENT
125The file referenced by
126.Fa path_p
127does not exist.
128.It Bq Er ENOTDIR
129A component of the pathname
130referenced by
131.Fa path_p
132is not a directory.
133.El
134.Sh SEE ALSO
135.Xr mac 3 ,
136.Xr mac_free 3 ,
137.Xr mac_get 3 ,
138.Xr mac_is_present 3 ,
139.Xr mac_prepare 3 ,
140.Xr mac_text 3 ,
141.Xr mac 4 ,
142.Xr mac 9
143.Sh HISTORY
144Support for Mandatory Access Control was introduced in
145.Fx 5.0
146as part of the
147.Tn TrustedBSD
148Project.
149