Mandatory Access Control


The Mandatory Access Control (MAC) framework provides an intuitive API for managing access control to kernel objects.

How It Works

MAC entry points are placed throughout the system. Through them, MAC modules can modify and/or monitor the composition of kernel discretionary access control decisions.

The MAC framework also facilitates communication between MAC modules and the rest of the system (including user space) through MAC labels (covering everything from file descriptors to individual mbufs) and other entry points (such as mac_syscall, a multiplexed system call of sorts).
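
An added example, not code from this page or from FreeBSD: a userland C model of the flow described above, where an entry point beside the DAC check consults each registered policy module, one that only monitors and one that denies based on labels. All names (`model_policy`, `model_check_open`, and so on) are hypothetical, and the rule that any denial wins is a modeling assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userland model only: every name below is hypothetical, not FreeBSD kernel API. */
struct model_label { int level; };   /* label attached to a subject or an object */
struct model_policy {
    const char *name;
    /* Entry point hook: return 0 to allow, an errno value to deny. */
    int (*check_open)(const struct model_label *subj, const struct model_label *obj);
};

#define MODEL_MAX_POLICIES 4
static const struct model_policy *policies[MODEL_MAX_POLICIES];
static size_t npolicies;
static unsigned long audit_events;   /* kept by the monitoring policy */

int model_register(const struct model_policy *p) {
    if (npolicies == MODEL_MAX_POLICIES) return ENOMEM;
    policies[npolicies++] = p;
    return 0;
}
/* Monitoring policy: sees every request, never changes the outcome. */
static int audit_check_open(const struct model_label *s, const struct model_label *o) {
    (void)s; (void)o;
    audit_events++;
    return 0;
}
/* Restricting policy: the subject's level must dominate the object's. */
static int level_check_open(const struct model_label *s, const struct model_label *o) {
    return s->level >= o->level ? 0 : EACCES;
}
const struct model_policy audit_policy = { "audit", audit_check_open };
const struct model_policy level_policy = { "level", level_check_open };

/* Modeled entry point: every policy is consulted; the first denial (DAC or MAC) wins. */
int model_check_open(int dac_error, const struct model_label *s, const struct model_label *o) {
    int error = dac_error;
    for (size_t i = 0; i < npolicies; i++) {
        int e = policies[i]->check_open(s, o);
        if (error == 0) error = e;   /* assumption: policies can restrict, not grant */
    }
    return error;
}
unsigned long model_audit_events(void) { return audit_events; }

int main(void) {
    struct model_label user = { 1 }, secret = { 5 };   /* constructed sample labels */
    model_register(&audit_policy); model_register(&level_policy);
    printf("open(user -> secret) = %d\n", model_check_open(0, &user, &secret));
    return 0;
}
```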



Mandatory Access Control Extended Tutorial (

More Information


MandatoryAccessControl (last edited 2022-09-15T02:27:34+0000 by KubilayKocak)