17.6 Module Configuration

Beginning with FreeBSD 8.0, the default FreeBSD kernel includes options MAC. This means that every module included with the MAC framework may be loaded as a run-time kernel module. The recommended method is to add the module name to /boot/loader.conf so that it will load during boot. Each module also provides a kernel option for those administrators who choose to compile their own custom kernel.
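The following audit helper is an added example, not part of the original handbook text: it lists the MAC policy modules that a loader.conf-style file enables at boot, so the result can be checked against what is expected to be enforced. The function names and the sample file are constructed for illustration, and the script assumes the loader honors the last assignment of a variable and treats "YES" case-insensitively.

```shell
#!/bin/sh
# Added example: report which MAC policy modules a loader.conf-style file
# enables at boot. Reads the file on stdin and prints one module per line.

mac_modules_at_boot() {
    awk '
        { sub(/#.*/, "") }                        # strip comments
        /^[ \t]*mac_[a-z0-9_]+_load[ \t]*=/ {
            name = $0
            sub(/^[ \t]*/, "", name)              # leading blanks
            sub(/_load[ \t]*=.*/, "", name)       # keep "mac_xxx"
            val = $0
            sub(/^[^=]*=/, "", val)               # text after "="
            gsub(/[" \t]/, "", val)               # drop quotes and blanks
            state[name] = toupper(val)            # assumption: last assignment wins
        }
        END { for (n in state) if (state[n] == "YES") print n }
    ' | sort
}

# Constructed sample input, not taken from a real host.
sample_loader_conf() {
    cat <<'EOF'
# /boot/loader.conf (constructed sample)
zfs_load="YES"
mac_biba_load="YES"
mac_mls_load="YES"
#mac_seeotheruids_load="YES"
mac_portacl_load="yes"
mac_mls_load="NO"
EOF
}

sample_loader_conf | mac_modules_at_boot
```

On a FreeBSD host, run mac_modules_at_boot < /boot/loader.conf and compare the result with the modules that kldstat reports as loaded.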

Some modules support labeling, which controls access by enforcing a label such as “this is allowed and this is not”. A label configuration file may control how files may be accessed, how network communication may be exchanged, and more. The previous section showed how the multilabel flag could be set on file systems to enable per-file or per-partition access control.

A single label configuration enforces only one label across the system, which is why the tunefs option is called multilabel.