15b38a427SRobert Watson.\" Copyright (c) 2002 Networks Associates Technology, Inc. 25b38a427SRobert Watson.\" All rights reserved. 35b38a427SRobert Watson.\" 45b38a427SRobert Watson.\" This software was developed for the FreeBSD Project by Chris 55b38a427SRobert Watson.\" Costello at Safeport Network Services and NAI Labs, the Security 65b38a427SRobert Watson.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 75b38a427SRobert Watson.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 85b38a427SRobert Watson.\" research program. 95b38a427SRobert Watson.\" 105b38a427SRobert Watson.\" Redistribution and use in source and binary forms, with or without 115b38a427SRobert Watson.\" modification, are permitted provided that the following conditions 125b38a427SRobert Watson.\" are met: 135b38a427SRobert Watson.\" 1. Redistributions of source code must retain the above copyright 145b38a427SRobert Watson.\" notice, this list of conditions and the following disclaimer. 155b38a427SRobert Watson.\" 2. Redistributions in binary form must reproduce the above copyright 165b38a427SRobert Watson.\" notice, this list of conditions and the following disclaimer in the 175b38a427SRobert Watson.\" documentation and/or other materials provided with the distribution. 185b38a427SRobert Watson.\" 195b38a427SRobert Watson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 205b38a427SRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 215b38a427SRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 225b38a427SRobert Watson.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 235b38a427SRobert Watson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 245b38a427SRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 255b38a427SRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 265b38a427SRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 275b38a427SRobert Watson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 285b38a427SRobert Watson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 295b38a427SRobert Watson.\" SUCH DAMAGE. 305b38a427SRobert Watson.\" 315b38a427SRobert Watson.\" $FreeBSD$ 325b38a427SRobert Watson.Dd June 27, 2002 335b38a427SRobert Watson.Dt SETFMAC 8 345b38a427SRobert Watson.Sh NAME 35a8896b02SRobert Watson.Nm setfmac , 36a8896b02SRobert Watson.Nm setfsmac 375b38a427SRobert Watson.Nd set MAC label for a file system object 385b38a427SRobert Watson.Sh SYNOPSIS 39a8896b02SRobert Watson.Nm setfmac 40a8896b02SRobert Watson.Op Fl hR 415b38a427SRobert Watson.Ar label 42214adc07SRobert Watson.Ar 43a8896b02SRobert Watson.Nm setfsmac 44a8896b02SRobert Watson.Op Fl ehvx 45a8896b02SRobert Watson.Op Fl f Ar specfile 46a8896b02SRobert Watson.Op Fl s Ar specfile 47214adc07SRobert Watson.Ar 485b38a427SRobert Watson.Sh DESCRIPTION 495b38a427SRobert WatsonThe 50a8896b02SRobert Watson.Nm setfmac 51a8896b02SRobert Watsonutility assigns the specified MAC label to the specified files. 52a8896b02SRobert WatsonThe following options are available: 53a8896b02SRobert Watson.Bl -tag -width indent 54a8896b02SRobert Watson.It Fl R 55a8896b02SRobert WatsonSet the labels on the file hierarchies rooted in the files instead of 56a8896b02SRobert Watsonjust the files themselves. 57a8896b02SRobert Watson.It Fl h 58a8896b02SRobert WatsonIf the file is a symbolic link, change the label of the link rather 59a8896b02SRobert Watsonthan the file that the link points to. 60a8896b02SRobert Watson.El 61a8896b02SRobert Watson.Pp 62a8896b02SRobert WatsonThe 63a8896b02SRobert Watson.Nm setfsmac 64a8896b02SRobert Watsonutility accepts a list of specification files as input and sets the MAC 65a8896b02SRobert Watsonlabels on the specified file system hierarchies. 66a8896b02SRobert WatsonPath names specified will be visited in order as given on the command line, 67a8896b02SRobert Watsonand each tree will be traversed in pre-order. 68a8896b02SRobert Watson(Generally, it will not be very useful to use relative, instead of absolute, 69a8896b02SRobert Watsonpaths.) 70a8896b02SRobert WatsonThe labels that match a file will be combined and set in a single 71a8896b02SRobert Watsontransaction. 72a8896b02SRobert Watson.Pp 73a8896b02SRobert WatsonThe following options are available: 74a8896b02SRobert Watson.Bl -tag -width indent 75a8896b02SRobert Watson.It Fl e 76a8896b02SRobert WatsonTreat any filesystems encountered which do not support MAC labelling as 77a8896b02SRobert Watsonerrors, instead of warning and skipping past them. 78a8896b02SRobert Watson.It Fl f Ar specfile 79a8896b02SRobert WatsonAdd the specifications in 80a8896b02SRobert Watson.Ar specfile 81a8896b02SRobert Watsonas a set of which at most one will be applied to each file traversed per 82a8896b02SRobert Watson.Fl f Ar specfile 83a8896b02SRobert Watsongiven. 84a8896b02SRobert Watson.It Fl h 85a8896b02SRobert WatsonIf the file is a symbolic link, change the label of the link rather 86a8896b02SRobert Watsonthan the file that the link points to. 87a8896b02SRobert Watson.It Fl s Ar specfile 88a8896b02SRobert WatsonAdd the specification in 89a8896b02SRobert Watson.Ar specfile , 90a8896b02SRobert Watsonbut assume that the specification format is that used in the port 91214adc07SRobert Watsonof 92214adc07SRobert Watson.Tn SELinux 93214adc07SRobert Watsonto 94214adc07SRobert Watson.Fx , 95214adc07SRobert Watson.Tn SEBSD. 96a8896b02SRobert WatsonAt most one of the specifications will be applied to each file traversed per 97a8896b02SRobert Watson.Fl f Ar specfile 98a8896b02SRobert Watsongiven. 99a8896b02SRobert WatsonThe prefix 100214adc07SRobert Watson.Dq Li sebsd/ 101a8896b02SRobert Watsonwill automatically be prepended to the labels in this file, and labels 102a8896b02SRobert Watsonmatching 103214adc07SRobert Watson.Dq Li <<none>> 104a8896b02SRobert Watsonwill be explicitly not relabeled. 105214adc07SRobert WatsonThis permits SEBSD to re-use existing 106214adc07SRobert Watson.Tn SELinux 107214adc07SRobert Watsonpolicy specification files 108a8896b02SRobert Watsonunmodified. 109a8896b02SRobert Watson.It Fl v 110a8896b02SRobert WatsonIncrease the degree of verbosity. 111a8896b02SRobert WatsonWhen given, information detailing the labelling operation is printed while 112a8896b02SRobert Watsonin progress. 113a8896b02SRobert Watson.It Fl x 114a8896b02SRobert WatsonDo not cross recurse into new filesystems when traversing them. 115a8896b02SRobert Watson.El 1165b38a427SRobert Watson.Sh SEE ALSO 1175b38a427SRobert Watson.Xr mac 3 , 1185b38a427SRobert Watson.Xr mac_set_file 3 , 119a8896b02SRobert Watson.Xr mac_set_link 3 , 120a8896b02SRobert Watson.Xr re_format 7 , 1215b38a427SRobert Watson.Xr getfmac 8 , 1225b38a427SRobert Watson.Xr mac 9 123