041d1287e8
Approved by: re
124 lines
4.0 KiB
Groff
124 lines
4.0 KiB
Groff
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This software was developed for the FreeBSD Project by Chris
|
|
.\" Costello at Safeport Network Services and NAI Labs, the Security
|
|
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
|
|
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
|
|
.\" research program.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.Dd June 27, 2002
|
|
.Dt SETFMAC 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm setfmac ,
|
|
.Nm setfsmac
|
|
.Nd set MAC label for a file system object
|
|
.Sh SYNOPSIS
|
|
.Nm setfmac
|
|
.Op Fl hR
|
|
.Ar label
|
|
.Ar
|
|
.Nm setfsmac
|
|
.Op Fl ehvx
|
|
.Op Fl f Ar specfile
|
|
.Op Fl s Ar specfile
|
|
.Ar
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm setfmac
|
|
utility assigns the specified MAC label to the specified files.
|
|
The following options are available:
|
|
.Bl -tag -width indent
|
|
.It Fl R
|
|
Set the labels on the file hierarchies rooted in the files instead of
|
|
just the files themselves.
|
|
.It Fl h
|
|
If the file is a symbolic link, change the label of the link rather
|
|
than the file that the link points to.
|
|
.El
|
|
.Pp
|
|
The
|
|
.Nm setfsmac
|
|
utility accepts a list of specification files as input and sets the MAC
|
|
labels on the specified file system hierarchies.
|
|
Path names specified will be visited in order as given on the command line,
|
|
and each tree will be traversed in pre-order.
|
|
(Generally, it will not be very useful to use relative, instead of absolute,
|
|
paths.)
|
|
The labels that match a file will be combined and set in a single
|
|
transaction.
|
|
.Pp
|
|
The following options are available:
|
|
.Bl -tag -width indent
|
|
.It Fl e
|
|
Treat any file systems encountered which do not support MAC labelling as
|
|
errors, instead of warning and skipping past them.
|
|
.It Fl f Ar specfile
|
|
Add the specifications in
|
|
.Ar specfile
|
|
as a set of which at most one will be applied to each file traversed per
|
|
.Fl f Ar specfile
|
|
given.
|
|
.It Fl h
|
|
If the file is a symbolic link, change the label of the link rather
|
|
than the file that the link points to.
|
|
.It Fl s Ar specfile
|
|
Add the specification in
|
|
.Ar specfile ,
|
|
but assume that the specification format is that used in the port
|
|
of
|
|
.Tn SELinux
|
|
to
|
|
.Fx ,
|
|
.Tn SEBSD .
|
|
At most one of the specifications will be applied to each file traversed per
|
|
.Fl f Ar specfile
|
|
given.
|
|
The prefix
|
|
.Dq Li sebsd/
|
|
will automatically be prepended to the labels in this file, and labels
|
|
matching
|
|
.Dq Li <<none>>
|
|
will be explicitly not relabeled.
|
|
This permits SEBSD to re-use existing
|
|
.Tn SELinux
|
|
policy specification files
|
|
unmodified.
|
|
.It Fl v
|
|
Increase the degree of verbosity.
|
|
When given, information detailing the labelling operation is printed while
|
|
in progress.
|
|
.It Fl x
|
|
Do not cross recurse into new file systems when traversing them.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr mac 3 ,
|
|
.Xr mac_set_file 3 ,
|
|
.Xr mac_set_link 3 ,
|
|
.Xr re_format 7 ,
|
|
.Xr getfmac 8 ,
|
|
.Xr mac 9
|