From 237a5de859e2e0aec02d082804c88d9ee1f95be6 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sun, 16 Nov 2003 20:21:21 +0000
Subject: [PATCH] Update mac_set.3 to account for new behavior of mac_set_fd()
 in the context of sockets, and document EINVAL as a possible failure mode
 based on the object selected, not just the label provided.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
---
 lib/libc/posix1e/mac_set.3 | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/libc/posix1e/mac_set.3 b/lib/libc/posix1e/mac_set.3
index f674adc1e446..175a25a11556 100644
--- a/lib/libc/posix1e/mac_set.3
+++ b/lib/libc/posix1e/mac_set.3
@@ -63,15 +63,15 @@ to the file referenced to by
 or to the file descriptor
 .Fa fd ,
 respectively.
-Note that this function will fail on socket descriptors.
-For information on
-setting MAC labels on socket descriptors see
-.Xr setsockopt 2 .
+Note that when a file descriptor references a socket, label operations
+on the file descriptor act on the socket, not on the file that may
+have been used as a rendezvous when binding the socket.
 The
 .Fn mac_set_link
 function is the same as
 .Fn mac_set_file ,
 except that it does not follow symlinks.
+.Pp
 The
 .Fn mac_set_proc
 function associates the MAC label
@@ -99,7 +99,9 @@ is not a valid file descriptor.
 The
 .Fa label
 argument
-is not a valid MAC label.
+is not a valid MAC label, or the object referenced by
+.Fa fd
+is not appropriate for label operations.
 .It Bq Er EOPNOTSUPP
 Setting MAC labels is not supported
 by the file referenced by