MandatoryAccessControl - FreeBSD Wiki

Mandatory Access Control

Introduction

The Mandatory Access Control (MAC) framework provides an intuitive API to managing access control to kernel objects.

How It Works

Through the use of MAC entry points through-out the system, composition of kernel discretionary access control decisions may be modified and/or monitored through MAC modules.

The MAC framework also facilitates communication between MAC modules and the rest of the system (including user-space) through MAC labels (covering file descriptors to individual mbuf's) and other entry points (such as mac_syscall, a multiplexed system call of sorts).

Documentation

Mandatory Access Control (FreeBSD Handbook: Chapter 16)
The TrustedBSD Mandatory Access Control Framework (FreeBSD Architecture Handbook)
FreeBSD mac(4) Manual Page: Mandatory Access Control

Tutorials

Mandatory Access Control Extended Tutorial (networksynapse.net)

Part 1: The MAC Framework
Part 2: MAC Processes
Part 3: MAC BIBA Policy

More Information

TrustedBSD
TrustedBSD: MAC Project Page

CategorySecurity