15b38a427SRobert Watson.\" Copyright (c) 2002 Networks Associates Technology, Inc. 25b38a427SRobert Watson.\" All rights reserved. 35b38a427SRobert Watson.\" 45b38a427SRobert Watson.\" This software was developed for the FreeBSD Project by Chris 55b38a427SRobert Watson.\" Costello at Safeport Network Services and NAI Labs, the Security 65b38a427SRobert Watson.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 75b38a427SRobert Watson.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 85b38a427SRobert Watson.\" research program. 95b38a427SRobert Watson.\" 105b38a427SRobert Watson.\" Redistribution and use in source and binary forms, with or without 115b38a427SRobert Watson.\" modification, are permitted provided that the following conditions 125b38a427SRobert Watson.\" are met: 135b38a427SRobert Watson.\" 1. Redistributions of source code must retain the above copyright 145b38a427SRobert Watson.\" notice, this list of conditions and the following disclaimer. 155b38a427SRobert Watson.\" 2. Redistributions in binary form must reproduce the above copyright 165b38a427SRobert Watson.\" notice, this list of conditions and the following disclaimer in the 175b38a427SRobert Watson.\" documentation and/or other materials provided with the distribution. 185b38a427SRobert Watson.\" 195b38a427SRobert Watson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 205b38a427SRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 215b38a427SRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 225b38a427SRobert Watson.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 235b38a427SRobert Watson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 245b38a427SRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 255b38a427SRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 265b38a427SRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 275b38a427SRobert Watson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 285b38a427SRobert Watson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 295b38a427SRobert Watson.\" SUCH DAMAGE. 305b38a427SRobert Watson.\" 315b38a427SRobert Watson.\" $FreeBSD$ 325b38a427SRobert Watson.Dd June 27, 2002 335b38a427SRobert Watson.Dt SETFMAC 8 345b38a427SRobert Watson.Sh NAME 35a8896b02SRobert Watson.Nm setfmac , 36a8896b02SRobert Watson.Nm setfsmac 375b38a427SRobert Watson.Nd set MAC label for a file system object 385b38a427SRobert Watson.Sh SYNOPSIS 39a8896b02SRobert Watson.Nm setfmac 40a8896b02SRobert Watson.Op Fl hR 415b38a427SRobert Watson.Ar label 42a8896b02SRobert Watson.Op Ar file ... 43a8896b02SRobert Watson.Nm setfsmac 44a8896b02SRobert Watson.Op Fl ehvx 45a8896b02SRobert Watson.Op Fl f Ar specfile 46a8896b02SRobert Watson.Op Fl s Ar specfile 47a8896b02SRobert Watson.Ar path 48a8896b02SRobert Watson.Op Ar file ... 495b38a427SRobert Watson.Sh DESCRIPTION 505b38a427SRobert WatsonThe 51a8896b02SRobert Watson.Nm setfmac 52a8896b02SRobert Watsonutility assigns the specified MAC label to the specified files. 53a8896b02SRobert WatsonThe following options are available: 54a8896b02SRobert Watson.Bl -tag -width indent 55a8896b02SRobert Watson.It Fl R 56a8896b02SRobert WatsonSet the labels on the file hierarchies rooted in the files instead of 57a8896b02SRobert Watsonjust the files themselves. 58a8896b02SRobert Watson.It Fl h 59a8896b02SRobert WatsonIf the file is a symbolic link, change the label of the link rather 60a8896b02SRobert Watsonthan the file that the link points to. 61a8896b02SRobert Watson.El 62a8896b02SRobert Watson.Pp 63a8896b02SRobert WatsonThe 64a8896b02SRobert Watson.Nm setfsmac 65a8896b02SRobert Watsonutility accepts a list of specification files as input and sets the MAC 66a8896b02SRobert Watsonlabels on the specified file system hierarchies. 67a8896b02SRobert WatsonPath names specified will be visited in order as given on the command line, 68a8896b02SRobert Watsonand each tree will be traversed in pre-order. 69a8896b02SRobert Watson(Generally, it will not be very useful to use relative, instead of absolute, 70a8896b02SRobert Watsonpaths.) 71a8896b02SRobert WatsonThe labels that match a file will be combined and set in a single 72a8896b02SRobert Watsontransaction. 73a8896b02SRobert Watson.Pp 74a8896b02SRobert WatsonThe following options are available: 75a8896b02SRobert Watson.Bl -tag -width indent 76a8896b02SRobert Watson.It Fl e 77a8896b02SRobert WatsonTreat any filesystems encountered which do not support MAC labelling as 78a8896b02SRobert Watsonerrors, instead of warning and skipping past them. 79a8896b02SRobert Watson.It Fl f Ar specfile 80a8896b02SRobert WatsonAdd the specifications in 81a8896b02SRobert Watson.Ar specfile 82a8896b02SRobert Watsonas a set of which at most one will be applied to each file traversed per 83a8896b02SRobert Watson.Fl f Ar specfile 84a8896b02SRobert Watsongiven. 85a8896b02SRobert Watson.It Fl h 86a8896b02SRobert WatsonIf the file is a symbolic link, change the label of the link rather 87a8896b02SRobert Watsonthan the file that the link points to. 88a8896b02SRobert Watson.It Fl s Ar specfile 89a8896b02SRobert WatsonAdd the specification in 90a8896b02SRobert Watson.Ar specfile , 91a8896b02SRobert Watsonbut assume that the specification format is that used in the port 92a8896b02SRobert Watsonof SELinux to FreeBSD as SEBSD. 93a8896b02SRobert WatsonAt most one of the specifications will be applied to each file traversed per 94a8896b02SRobert Watson.Fl f Ar specfile 95a8896b02SRobert Watsongiven. 96a8896b02SRobert WatsonThe prefix 97a8896b02SRobert Watson.Dq sebsd/ 98a8896b02SRobert Watsonwill automatically be prepended to the labels in this file, and labels 99a8896b02SRobert Watsonmatching 100a8896b02SRobert Watson.Dq <<none>> 101a8896b02SRobert Watsonwill be explicitly not relabeled. 102a8896b02SRobert WatsonThis permits SEBSD to re-use existing SELinux policy specification files 103a8896b02SRobert Watsonunmodified. 104a8896b02SRobert Watson.It Fl v 105a8896b02SRobert WatsonIncrease the degree of verbosity. 106a8896b02SRobert WatsonWhen given, information detailing the labelling operation is printed while 107a8896b02SRobert Watsonin progress. 108a8896b02SRobert Watson.It Fl x 109a8896b02SRobert WatsonDo not cross recurse into new filesystems when traversing them. 110a8896b02SRobert Watson.El 1115b38a427SRobert Watson.Sh SEE ALSO 1125b38a427SRobert Watson.Xr mac 3 , 1135b38a427SRobert Watson.Xr mac_set_file 3 , 114a8896b02SRobert Watson.Xr mac_set_link 3 , 115a8896b02SRobert Watson.Xr re_format 7 , 1165b38a427SRobert Watson.Xr getfmac 8 , 1175b38a427SRobert Watson.Xr mac 9 118