The MAC (Mandatory Access Control) framework provides an intuitive API to managing access control to kernel objects. Through the use of MAC entry points littered through-out the system, composition of kernel discretionary access control decisions may be modified and/or monitored through MAC modules. The MAC framework also facilitates inter-communication between MAC modules and the rest of the system (including user-space) through MAC labels (covering file descriptors to individual mbuf's) and other entry points (such as mac_syscall, a multiplexed system call of sorts). More information can be found in the FreeBSD Architecture Handbook.

MAC (last edited 2008-06-17 21:37:17 by localhost)