16cc0c637SChris Costello.\" Copyright (c) 2003 Networks Associates Technology, Inc. 26cc0c637SChris Costello.\" All rights reserved. 36cc0c637SChris Costello.\" 46cc0c637SChris Costello.\" This software was developed for the FreeBSD Project by Chris Costello 56cc0c637SChris Costello.\" at Safeport Network Services and Network Associates Labs, the 66cc0c637SChris Costello.\" Security Research Division of Network Associates, Inc. under 76cc0c637SChris Costello.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 86cc0c637SChris Costello.\" DARPA CHATS research program. 96cc0c637SChris Costello.\" 106cc0c637SChris Costello.\" Redistribution and use in source and binary forms, with or without 116cc0c637SChris Costello.\" modification, are permitted provided that the following conditions 126cc0c637SChris Costello.\" are met: 136cc0c637SChris Costello.\" 1. Redistributions of source code must retain the above copyright 146cc0c637SChris Costello.\" notice, this list of conditions and the following disclaimer. 156cc0c637SChris Costello.\" 2. Redistributions in binary form must reproduce the above copyright 166cc0c637SChris Costello.\" notice, this list of conditions and the following disclaimer in the 176cc0c637SChris Costello.\" documentation and/or other materials provided with the distribution. 186cc0c637SChris Costello.\" 196cc0c637SChris Costello.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 206cc0c637SChris Costello.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 216cc0c637SChris Costello.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 226cc0c637SChris Costello.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 236cc0c637SChris Costello.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 246cc0c637SChris Costello.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 256cc0c637SChris Costello.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 266cc0c637SChris Costello.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 276cc0c637SChris Costello.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 286cc0c637SChris Costello.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 296cc0c637SChris Costello.\" SUCH DAMAGE. 306cc0c637SChris Costello.\" 316cc0c637SChris Costello.\" $FreeBSD$ 326cc0c637SChris Costello.Dd March 13, 2003 336cc0c637SChris Costello.Os 346cc0c637SChris Costello.Dt SETFSMAC 8 356cc0c637SChris Costello.Sh NAME 366cc0c637SChris Costello.Nm setfsmac 376cc0c637SChris Costello.Nd set MAC label for a file hierarchy 386cc0c637SChris Costello.Sh SYNOPSIS 396cc0c637SChris Costello.Nm 406cc0c637SChris Costello.Op Fl ehvx 416cc0c637SChris Costello.Op Fl f Ar specfile 426cc0c637SChris Costello.Op Fl s Ar specfile 436cc0c637SChris Costello.Ar path ... 446cc0c637SChris Costello.Sh DESCRIPTION 456cc0c637SChris CostelloThe 466cc0c637SChris Costello.Nm 476cc0c637SChris Costelloutility accepts a list of specification files as input and sets the MAC 486cc0c637SChris Costellolabels on the specified file system hierarchies. 496cc0c637SChris CostelloPath names specified will be visited in order as given in the command 506cc0c637SChris Costelloline, and each tree will be traversed in pre-order. 516cc0c637SChris Costello(Generally, it will not be very useful to use relative paths instead of 526cc0c637SChris Costelloabsolute paths.) 536cc0c637SChris CostelloMultiple entries matching a single file will be combined and applied in 546cc0c637SChris Costelloa single transaction. 556cc0c637SChris Costello.Pp 566cc0c637SChris CostelloThe following options are available: 576cc0c637SChris Costello.Bl -tag -width indent 586cc0c637SChris Costello.It Fl e 596cc0c637SChris CostelloTreat any file systems encountered which do not support MAC labelling as 606cc0c637SChris Costelloerrors, instead of warning and skipping them. 616cc0c637SChris Costello.It Fl f Ar specfile 626cc0c637SChris CostelloApply the specifications in 636cc0c637SChris Costello.Ar specfile 646cc0c637SChris Costelloto the specified paths. 656cc0c637SChris Costello.\" XXX 666cc0c637SChris Costello.Bf -emphasis 676cc0c637SChris CostelloNOTE: Only the first entry for each file is applied; 686cc0c637SChris Costelloall others are disregarded and silently dropped. 696cc0c637SChris Costello.Ef 706cc0c637SChris CostelloMultiple 716cc0c637SChris Costello.Fl f 726cc0c637SChris Costelloarguments may be specified to include multiple 736cc0c637SChris Costellospecification files. 746cc0c637SChris Costello.It Fl h 756cc0c637SChris CostelloWhen a symbolic link is encountered, change the label of the link rather 766cc0c637SChris Costellothan the file the link points to. 776cc0c637SChris Costello.It Fl s Ar specfile 786cc0c637SChris CostelloApply the specifications in 796cc0c637SChris Costello.Ar specfile , 806cc0c637SChris Costellobut assume the specification format is compatible with the SELinux 816cc0c637SChris Costello.Ar specfile 826cc0c637SChris Costelloformat. 836cc0c637SChris Costello.\" XXX 846cc0c637SChris Costello.Bf -emphasis 856cc0c637SChris CostelloNOTE: Only the first entry for each file is applied; 866cc0c637SChris Costelloall others are disregarded and silently dropped. 876cc0c637SChris Costello.Ef 886cc0c637SChris CostelloThe prefix 896cc0c637SChris Costello.Dq sebsd/ 906cc0c637SChris Costellowill be automatically prepended to the labels in 916cc0c637SChris Costello.Ar specfile . 926cc0c637SChris CostelloLabels matching 936cc0c637SChris Costello.Dq <<none>> 946cc0c637SChris Costellowill be explicitly not relabeled. 956cc0c637SChris CostelloThis permits SEBSD to reuse existing SELinux policy specification files. 966cc0c637SChris Costello.It Fl v 976cc0c637SChris CostelloIncrease the degree of verbosity. 986cc0c637SChris Costello.It Fl x 996cc0c637SChris CostelloDo not recurse into new file systems when traversing them. 1006cc0c637SChris Costello.El 10103b920e1SChris Costello.Sh FILES 10203b920e1SChris Costello.Bl -tag -width /usr/share/security/lomac-policy.contexts -compact 10303b920e1SChris Costello.It Pa /usr/share/security/lomac-policy.contexts 10403b920e1SChris CostelloSample specfile containing LOMAC policy entries. 10503b920e1SChris Costello.El 10603b920e1SChris Costello.Sh EXAMPLES 10703b920e1SChris CostelloSee 10803b920e1SChris Costello.Sx FILES . 1096cc0c637SChris Costello.Sh AUTHORS 1106cc0c637SChris CostelloThis software was contributed to the 1116cc0c637SChris Costello.Fx 1126cc0c637SChris CostelloProject by Network Associates Labs, 1136cc0c637SChris Costellothe Security Research Division of Network Associates 1146cc0c637SChris CostelloInc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 1156cc0c637SChris Costelloas part of the DARPA CHATS research program. 1166cc0c637SChris Costello.Sh SEE ALSO 1176cc0c637SChris Costello.Xr mac 3 , 1186cc0c637SChris Costello.Xr mac_set_file 3 , 1196cc0c637SChris Costello.Xr mac_set_link 3 , 1206cc0c637SChris Costello.Xr mac 4 , 1216cc0c637SChris Costello.Xr re_format 7 , 1226cc0c637SChris Costello.Xr getfmac 8 , 1236cc0c637SChris Costello.Xr setfmac 8 , 1246cc0c637SChris Costello.Xr mac 9 125