Партнёры:
Хостинг:
mac.conf - format of the MAC library configuration file
Currently, the implementation supports two syntax styles for label element declaration. The old (deprecated) syntax consists of a single line with two fields separated by white space: the object class name, and a list of label elements as used by the mac_prepare3 library calls prior to an application invocation of a function from mac_get3.
The newer more preferred syntax consists of three fields separated by white space: the label group, object class name and a list of label elements.
Label element names may optionally begin with a `?' symbol to indicate that a failure to retrieve the label element for an object should be silently ignored, and improves usability if the set of MAC policies may change over time.
# # Default label set to be used by simple MAC applications default_labels file ?biba,?lomac,?mls,?sebsd default_labels ifnet ?biba,?lomac,?mls,?sebsd default_labels process ?biba,?lomac,?mls,?partition,?sebsd default_labels socket ?biba,?lomac,?mls # # Deprecated (old) syntax default_file_labels ?biba,?mls,?sebsd default_ifnet_labels ?biba,?mls,?sebsd default_process_labels ?biba,?mls,partition,?sebsd
In this example, userland applications will attempt to retrieve Biba, MLS, and SEBSD labels for all object classes; for processes, they will additionally attempt to retrieve a Partition identifier. In all cases except the Partition identifier, failure to retrieve a label due to the respective policy not being present will be ignored.
|
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |