SETFSMAC(8) BSD System Manager's Manual SETFSMAC(8)NAMEsetfsmac — set MAC label for a file hierarchy
SYNOPSISsetfsmac [-ehqvx] [-f specfile] ... [-s specfile] ... file ...
DESCRIPTION
The setfsmac utility accepts a list of specification files as input and
sets the MAC labels on the specified file system hierarchies. Path names
specified will be visited in order as given on the command line, and each
tree will be traversed in pre-order. (Generally, it will not be very
useful to use relative paths instead of absolute paths.) Multiple
entries matching a single file will be combined and applied in a single
transaction.
The following options are available:
-e Treat any file systems encountered which do not support MAC
labelling as errors, instead of warning and skipping them.
-f specfile
Apply the specifications in specfile to the specified paths.
NOTE: Only the first entry for each file is applied; all others
are disregarded and silently dropped. Multiple -f arguments may
be specified to include multiple specification files.
-h When a symbolic link is encountered, change the label of the link
rather than the file the link points to.
-q Do not print non-fatal warnings during execution.
-s specfile
Apply the specifications in specfile, but assume the specifica‐
tion format is compatible with the SELinux specfile format.
NOTE: Only the first entry for each file is applied; all others
are disregarded and silently dropped. The prefix “sebsd/” will
be automatically prepended to the labels in specfile. Labels
matching “<<none>>” will be explicitly not relabeled. This per‐
mits SEBSD to reuse existing SELinux policy specification files.
-v Increase the degree of verbosity.
-x Do not recurse into new file systems when traversing them.
FILES
/usr/share/security/lomac-policy.contexts Sample specfile containing
LOMAC policy entries.
EXAMPLES
See FILES.
SEE ALSOmac(3), mac_set_file(3), mac_set_link(3), mac(4), re_format(7),
getfmac(8), setfmac(8), mac(9)AUTHORS
This software was contributed to the FreeBSD Project by Network Asso‐
ciates Labs, the Security Research Division of Network Associates Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the
DARPA CHATS research program.
BSD February 17, 2004 BSD