xref: /freebsd/usr.sbin/setfmac/setfsmac.8 (revision aa12cea2ccc6e686d6d31cf67d6bc69cbc1ba744)
.\" Copyright (c) 2003, 2004 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris Costello
.\" at Safeport Network Services and Network Associates Labs, the
.\" Security Research Division of Network Associates, Inc. under
.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd February 17, 2004
.Dt SETFSMAC 8
.Os
.Sh NAME
.Nm setfsmac
.Nd set MAC label for a file hierarchy
.Sh SYNOPSIS
.Nm
.Op Fl ehqvx
.Oo Fl f Ar specfile Oc ...
.Oo Fl s Ar specfile Oc ...
.Ar
.Sh DESCRIPTION
The
.Nm
utility accepts a list of specification files as input and sets the MAC
labels on the specified file system hierarchies.
Path names specified will be visited in order as given on the command
line, and each tree will be traversed in pre-order.
(Generally, it will not be very useful to use relative paths instead of
absolute paths.)
Multiple entries matching a single file will be combined and applied in
a single transaction.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl e
Treat any file systems encountered which do not support MAC labelling as
errors, instead of warning and skipping them.
.It Fl f Ar specfile
Apply the specifications in
.Ar specfile
to the specified paths.
.\" XXX
.Bf -emphasis
NOTE: Only the first entry for each file is applied;
all others are disregarded and silently dropped.
.Ef
Multiple
.Fl f
arguments may be specified to include multiple
specification files.
.It Fl h
When a symbolic link is encountered, change the label of the link rather
than the file the link points to.
.It Fl q
Do not print non-fatal warnings during execution.
.It Fl s Ar specfile
Apply the specifications in
.Ar specfile ,
but assume the specification format is compatible with the SELinux
.Ar specfile
format.
.\" XXX
.Bf -emphasis
NOTE: Only the first entry for each file is applied;
all others are disregarded and silently dropped.
.Ef
The prefix
.Dq Li sebsd/
will be automatically prepended to the labels in
.Ar specfile .
Labels matching
.Dq Li <<none>>
will be explicitly not relabeled.
This permits SEBSD to reuse existing SELinux policy specification files.
.It Fl v
Increase the degree of verbosity.
.It Fl x
Do not recurse into new file systems when traversing them.
.El
.Sh FILES
.Bl -tag -width ".Pa /usr/share/security/lomac-policy.contexts" -compact
.It Pa /usr/share/security/lomac-policy.contexts
Sample specfile containing LOMAC policy entries.
.El
.Sh EXAMPLES
See
.Sx FILES .
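The following is an added example, not part of the original manual page or of the setfsmac source: a dry-run model of the rules stated above for the -s option (only the first matching entry is applied, the sebsd/ prefix is prepended, and <<none>> entries are not relabeled), useful for spotting specfile entries that an earlier, broader entry silently shadows. It assumes the SELinux file_contexts line layout (regex, optional type field, context), whole-path matching, and Python's re module standing in for re_format(7); the sample specfile and all function names are constructed.

```python
import re

# Constructed sample in the assumed layout: regex [type] context
SAMPLE_SPEC = """\
# constructed sample, not a real policy
/etc(/.*)?            system_u:object_r:etc_t
/etc/shadow      --   system_u:object_r:shadow_t
/var/run(/.*)?        <<none>>
/var(/.*)?            system_u:object_r:var_t
"""

def parse_spec(text):
    """Return [(lineno, regex, label)]; label is None for <<none>> entries."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected 'regex [type] context'")
        # The optional type field (e.g. "--") is ignored by this model.
        pattern, context = fields[0], fields[-1]
        label = None if context == "<<none>>" else "sebsd/" + context
        entries.append((lineno, re.compile(pattern), label))
    return entries

def preview(entries, paths):
    """Map path -> (label, applied_line, shadowed_lines).

    applied_line is None when no entry matches; label is None when the
    file would be left alone (no match, or first match is <<none>>).
    """
    plan = {}
    for path in paths:
        hits = [(n, lab) for n, rx, lab in entries if rx.fullmatch(path)]
        if not hits:
            plan[path] = (None, None, [])
            continue
        (applied, label), rest = hits[0], hits[1:]
        plan[path] = (label, applied, [n for n, _ in rest])
    return plan

if __name__ == "__main__":
    sample_paths = ["/etc/shadow", "/var/run/sshd.pid",
                    "/var/log/messages", "/home/alice"]
    for path, (label, line, shadowed) in preview(
            parse_spec(SAMPLE_SPEC), sample_paths).items():
        print(f"{path}: label={label} applied=line {line} shadowed={shadowed}")
```

In the sample, the /etc/shadow entry on line 3 never takes effect because the broader /etc entry on line 2 matches first, which is the ordering hazard the NOTE describes.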
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_set_file 3 ,
.Xr mac_set_link 3 ,
.Xr mac 4 ,
.Xr re_format 7 ,
.Xr getfmac 8 ,
.Xr setfmac 8 ,
.Xr mac 9
.Sh AUTHORS
This software was contributed to the
.Fx
Project by Network Associates Labs,
the Security Research Division of Network Associates
Inc.
under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.