jail: document the mac.label parameter
In particular, we should provide a hint about mac.conf(5), since libjail will just use the mac_prepare_type(3) API to provide a reasonably sane interface for system administrators. Programmers wanting to fetch an arbitrary MAC label would need to bypass libjail and use jail_get(2) directly with their own prepared `struct mac`.

Differential Revision: https://reviews.freebsd.org/D54067
@@ -28,7 +28,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd December 30, 2024
|
.Dd January 15, 2026
|
||||||
.Dt MAC 4
|
.Dt MAC 4
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@@ -165,6 +165,7 @@ and modifying its MAC policy label.
|
|||||||
.Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent
|
.Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent
|
||||||
.It Sy "Subject/Object" Ta Sy "Utility"
|
.It Sy "Subject/Object" Ta Sy "Utility"
|
||||||
.It "File system object" Ta Xr setfmac 8 , Xr setfsmac 8
|
.It "File system object" Ta Xr setfmac 8 , Xr setfsmac 8
|
||||||
|
.It Jail Ta Xr jail 8
|
||||||
.It "Network interface" Ta Xr ifconfig 8
|
.It "Network interface" Ta Xr ifconfig 8
|
||||||
.It "TTY (by login class)" Ta Xr login.conf 5
|
.It "TTY (by login class)" Ta Xr login.conf 5
|
||||||
.It "User (by login class)" Ta Xr login.conf 5
|
.It "User (by login class)" Ta Xr login.conf 5
|
||||||
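Review bot: the new `Jail` row lands in the table that the hunk context introduces with "and modifying its MAC policy label", yet the jail.8 text added in this same commit only talks about retrieving the label. If jail(8) can set `mac.label`, the jail.8 entry should say so; if it cannot, this row needs a qualifier so that administrators do not expect a setter alongside setfmac(8) and ifconfig(8).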
@@ -221,6 +222,7 @@ man page.
|
|||||||
.Xr mac_test 4 ,
|
.Xr mac_test 4 ,
|
||||||
.Xr login.conf 5 ,
|
.Xr login.conf 5 ,
|
||||||
.Xr maclabel 7 ,
|
.Xr maclabel 7 ,
|
||||||
|
.Xr jail 8 ,
|
||||||
.Xr getfmac 8 ,
|
.Xr getfmac 8 ,
|
||||||
.Xr getpmac 8 ,
|
.Xr getpmac 8 ,
|
||||||
.Xr setfmac 8 ,
|
.Xr setfmac 8 ,
|
||||||
|
|||||||
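Review bot: the added `.Xr jail 8 ,` sits before `.Xr getfmac 8 ,`, which breaks the alphabetical order the section 8 entries otherwise follow (getfmac, getpmac, setfmac). Move it to after `.Xr getpmac 8 ,` so that it sorts ahead of `.Xr setfmac 8 ,`; mandoc's lint mode reports this kind of placement as unusual Xr order.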
+12
-1
@@ -26,7 +26,7 @@
|
|||||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
.\" SUCH DAMAGE.
|
.\" SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd November 13, 2025
|
.Dd December 4, 2025
|
||||||
.Dt JAIL 8
|
.Dt JAIL 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
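Review bot: the `.Dd` here becomes December 4, 2025, while the same commit sets `.Dd January 15, 2026` in mac.4. Both pages change in one commit, so use a single date in both, the day the change lands.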
@@ -503,6 +503,15 @@ pseudo-parameter set.
|
|||||||
The ID of the cpuset associated with this jail (read-only).
|
The ID of the cpuset associated with this jail (read-only).
|
||||||
.It Va dying
|
.It Va dying
|
||||||
This is true if the jail is in the process of shutting down (read-only).
|
This is true if the jail is in the process of shutting down (read-only).
|
||||||
|
.It Va mac.label
|
||||||
|
The
|
||||||
|
.Xr mac 3
|
||||||
|
label associated with this jail.
|
||||||
|
Note that a
|
||||||
|
.Dq jail
|
||||||
|
entry in
|
||||||
|
.Xr mac.conf 5
|
||||||
|
may need to be configured in order to retrieve the MAC label.
|
||||||
.It Va parent
|
.It Va parent
|
||||||
The
|
The
|
||||||
.Va jid
|
.Va jid
|
||||||
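Review bot: in the new `mac.label` entry, "may need to be configured" leaves the administrator guessing when the "jail" entry in mac.conf(5) is required and what is returned without it. The commit message already has the explanation (libjail prepares the label through mac_prepare_type(3)); a sentence to that effect here, plus an `.Xr mac_prepare_type 3` reference, would make the hint actionable. The two entries just above (the cpuset ID and `dying`) are marked "(read-only)", so this entry should also state whether the label can be set or only read.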
@@ -1550,6 +1559,7 @@ environment of the first jail.
|
|||||||
.Xr clock_settime 2 ,
|
.Xr clock_settime 2 ,
|
||||||
.Xr jail_set 2 ,
|
.Xr jail_set 2 ,
|
||||||
.Xr ntp_adjtime 2 ,
|
.Xr ntp_adjtime 2 ,
|
||||||
|
.Xr mac 3 ,
|
||||||
.Xr devfs 4 ,
|
.Xr devfs 4 ,
|
||||||
.Xr fdescfs 4 ,
|
.Xr fdescfs 4 ,
|
||||||
.Xr linprocfs 4 ,
|
.Xr linprocfs 4 ,
|
||||||
@@ -1557,6 +1567,7 @@ environment of the first jail.
|
|||||||
.Xr procfs 4 ,
|
.Xr procfs 4 ,
|
||||||
.Xr vmm 4 ,
|
.Xr vmm 4 ,
|
||||||
.Xr jail.conf 5 ,
|
.Xr jail.conf 5 ,
|
||||||
|
.Xr mac.conf 5 ,
|
||||||
.Xr rc.conf 5 ,
|
.Xr rc.conf 5 ,
|
||||||
.Xr sysctl.conf 5 ,
|
.Xr sysctl.conf 5 ,
|
||||||
.Xr bsdconfig 8 ,
|
.Xr bsdconfig 8 ,
|
||||||
|
|||||||