diff options
author | chris <chris@FreeBSD.org> | 2003-03-13 23:04:05 +0000 |
---|---|---|
committer | chris <chris@FreeBSD.org> | 2003-03-13 23:04:05 +0000 |
commit | baf48a918c46ce3ed91dae2deed0ad5b8bb243c7 (patch) | |
tree | 719a8bb2449d2b97dfdfe38c94607e95849ac694 /usr.sbin/setfmac | |
parent | 45f198fa9bd709bf918772d388dbbbf8df4983ac (diff) | |
download | FreeBSD-src-baf48a918c46ce3ed91dae2deed0ad5b8bb243c7.zip FreeBSD-src-baf48a918c46ce3ed91dae2deed0ad5b8bb243c7.tar.gz |
Break setfmac.8 into two actual man pages, and reword bits of the
setfsmac(8) documentation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'usr.sbin/setfmac')
-rw-r--r-- | usr.sbin/setfmac/Makefile | 4 | ||||
-rw-r--r-- | usr.sbin/setfmac/setfmac.8 | 66 | ||||
-rw-r--r-- | usr.sbin/setfmac/setfsmac.8 | 116 |
3 files changed, 120 insertions, 66 deletions
diff --git a/usr.sbin/setfmac/Makefile b/usr.sbin/setfmac/Makefile index e7171f7..c262fb6 100644 --- a/usr.sbin/setfmac/Makefile +++ b/usr.sbin/setfmac/Makefile @@ -1,13 +1,11 @@ # $FreeBSD$ PROG= setfmac -MAN= setfmac.8 +MAN= setfmac.8 setfsmac.8 SRCS= setfmac.c LINKS+= ${BINDIR}/setfmac ${BINDIR}/setfsmac -MLINKS+= setfmac.8 setfsmac.8 - WARNS?= 2 .include <bsd.prog.mk> diff --git a/usr.sbin/setfmac/setfmac.8 b/usr.sbin/setfmac/setfmac.8 index 559948f..98e5f44 100644 --- a/usr.sbin/setfmac/setfmac.8 +++ b/usr.sbin/setfmac/setfmac.8 @@ -29,23 +29,17 @@ .\" SUCH DAMAGE. .\" .\" $FreeBSD$ -.Dd June 27, 2002 +.Dd March 13, 2003 .Dt SETFMAC 8 .Os .Sh NAME -.Nm setfmac , -.Nm setfsmac +.Nm setfmac .Nd set MAC label for a file system object .Sh SYNOPSIS .Nm setfmac .Op Fl hR .Ar label .Ar -.Nm setfsmac -.Op Fl ehvx -.Op Fl f Ar specfile -.Op Fl s Ar specfile -.Ar .Sh DESCRIPTION The .Nm setfmac @@ -59,61 +53,6 @@ just the files themselves. If the file is a symbolic link, change the label of the link rather than the file that the link points to. .El -.Pp -The -.Nm setfsmac -utility accepts a list of specification files as input and sets the MAC -labels on the specified file system hierarchies. -Path names specified will be visited in order as given on the command line, -and each tree will be traversed in pre-order. -(Generally, it will not be very useful to use relative, instead of absolute, -paths.) -The labels that match a file will be combined and set in a single -transaction. -.Pp -The following options are available: -.Bl -tag -width indent -.It Fl e -Treat any file systems encountered which do not support MAC labelling as -errors, instead of warning and skipping past them. -.It Fl f Ar specfile -Add the specifications in -.Ar specfile -as a set of which at most one will be applied to each file traversed per -.Fl f Ar specfile -given. -.It Fl h -If the file is a symbolic link, change the label of the link rather -than the file that the link points to. -.It Fl s Ar specfile -Add the specification in -.Ar specfile , -but assume that the specification format is that used in the port -of -.Tn SELinux -to -.Fx , -.Tn SEBSD . -At most one of the specifications will be applied to each file traversed per -.Fl f Ar specfile -given. -The prefix -.Dq Li sebsd/ -will automatically be prepended to the labels in this file, and labels -matching -.Dq Li <<none>> -will be explicitly not relabeled. -This permits SEBSD to re-use existing -.Tn SELinux -policy specification files -unmodified. -.It Fl v -Increase the degree of verbosity. -When given, information detailing the labelling operation is printed while -in progress. -.It Fl x -Do not cross recurse into new file systems when traversing them. -.El .Sh SEE ALSO .Xr mac 3 , .Xr mac_set_file 3 , @@ -121,4 +60,5 @@ Do not cross recurse into new file systems when traversing them. .Xr mac 4 , .Xr re_format 7 , .Xr getfmac 8 , +.Xr setfsmac 8 , .Xr mac 9 diff --git a/usr.sbin/setfmac/setfsmac.8 b/usr.sbin/setfmac/setfsmac.8 new file mode 100644 index 0000000..cff9bec --- /dev/null +++ b/usr.sbin/setfmac/setfsmac.8 @@ -0,0 +1,116 @@ +.\" Copyright (c) 2003 Networks Associates Technology, Inc. +.\" All rights reserved. +.\" +.\" This software was developed for the FreeBSD Project by Chris Costello +.\" at Safeport Network Services and Network Associates Labs, the +.\" Security Research Division of Network Associates, Inc. under +.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +.\" DARPA CHATS research program. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.Dd March 13, 2003 +.Os +.Dt SETFSMAC 8 +.Sh NAME +.Nm setfsmac +.Nd set MAC label for a file hierarchy +.Sh SYNOPSIS +.Nm +.Op Fl ehvx +.Op Fl f Ar specfile +.Op Fl s Ar specfile +.Ar path ... +.Sh DESCRIPTION +The +.Nm +utility accepts a list of specification files as input and sets the MAC +labels on the specified file system hierarchies. +Path names specified will be visited in order as given in the command +line, and each tree will be traversed in pre-order. +(Generally, it will not be very useful to use relative paths instead of +absolute paths.) +Multiple entries matching a single file will be combined and applied in +a single transaction. +.Pp +The following options are available: +.Bl -tag -width indent +.It Fl e +Treat any file systems encountered which do not support MAC labelling as +errors, instead of warning and skipping them. +.It Fl f Ar specfile +Apply the specifications in +.Ar specfile +to the specified paths. +.\" XXX +.Bf -emphasis +NOTE: Only the first entry for each file is applied; +all others are disregarded and silently dropped. +.Ef +Multiple +.Fl f +arguments may be specified to include multiple +specification files. +.It Fl h +When a symbolic link is encountered, change the label of the link rather +than the file the link points to. +.It Fl s Ar specfile +Apply the specifications in +.Ar specfile , +but assume the specification format is compatible with the SELinux +.Ar specfile +format. +.\" XXX +.Bf -emphasis +NOTE: Only the first entry for each file is applied; +all others are disregarded and silently dropped. +.Ef +The prefix +.Dq sebsd/ +will be automatically prepended to the labels in +.Ar specfile . +Labels matching +.Dq <<none>> +will be explicitly not relabeled. +This permits SEBSD to reuse existing SELinux policy specification files. +.It Fl v +Increase the degree of verbosity. +.It Fl x +Do not recurse into new file systems when traversing them. +.El +.Sh AUTHORS +This software was contributed to the +.Fx +Project by Network Associates Labs, +the Security Research Division of Network Associates +Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), +as part of the DARPA CHATS research program. +.Sh SEE ALSO +.Xr mac 3 , +.Xr mac_set_file 3 , +.Xr mac_set_link 3 , +.Xr mac 4 , +.Xr re_format 7 , +.Xr getfmac 8 , +.Xr setfmac 8 , +.Xr mac 9 |