jail: document the mac.label parameter

In particular, we should provide a hint about mac.conf(5), since libjail
will just use the mac_prepare_type(3) API to provide a reasonably sane
interface for system administrators.  Progammers wanting to fetch an
arbitrary MAC label would need to bypass libjail and use jail_get(2)
directly with their own prepared `struct mac`.

Differential Revision:	https://reviews.freebsd.org/D54067
This commit is contained in:
Kyle Evans
2025-12-03 19:45:56 -06:00
parent db3b39f063
commit 1e8c28712a
2 changed files with 15 additions and 2 deletions
+3 -1
View File
@@ -28,7 +28,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd December 30, 2024 .Dd January 15, 2026
.Dt MAC 4 .Dt MAC 4
.Os .Os
.Sh NAME .Sh NAME
@@ -165,6 +165,7 @@ and modifying its MAC policy label.
.Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent .Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent
.It Sy "Subject/Object" Ta Sy "Utility" .It Sy "Subject/Object" Ta Sy "Utility"
.It "File system object" Ta Xr setfmac 8 , Xr setfsmac 8 .It "File system object" Ta Xr setfmac 8 , Xr setfsmac 8
.It Jail Ta Xr jail 8
.It "Network interface" Ta Xr ifconfig 8 .It "Network interface" Ta Xr ifconfig 8
.It "TTY (by login class)" Ta Xr login.conf 5 .It "TTY (by login class)" Ta Xr login.conf 5
.It "User (by login class)" Ta Xr login.conf 5 .It "User (by login class)" Ta Xr login.conf 5
@@ -221,6 +222,7 @@ man page.
.Xr mac_test 4 , .Xr mac_test 4 ,
.Xr login.conf 5 , .Xr login.conf 5 ,
.Xr maclabel 7 , .Xr maclabel 7 ,
.Xr jail 8 ,
.Xr getfmac 8 , .Xr getfmac 8 ,
.Xr getpmac 8 , .Xr getpmac 8 ,
.Xr setfmac 8 , .Xr setfmac 8 ,
+12 -1
View File
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd November 13, 2025 .Dd December 4, 2025
.Dt JAIL 8 .Dt JAIL 8
.Os .Os
.Sh NAME .Sh NAME
@@ -503,6 +503,15 @@ pseudo-parameter set.
The ID of the cpuset associated with this jail (read-only). The ID of the cpuset associated with this jail (read-only).
.It Va dying .It Va dying
This is true if the jail is in the process of shutting down (read-only). This is true if the jail is in the process of shutting down (read-only).
.It Va mac.label
The
.Xr mac 3
label associated with this jail.
Note that a
.Dq jail
entry in
.Xr mac.conf 5
may need to be configured in order to retrieve the MAC label.
.It Va parent .It Va parent
The The
.Va jid .Va jid
@@ -1550,6 +1559,7 @@ environment of the first jail.
.Xr clock_settime 2 , .Xr clock_settime 2 ,
.Xr jail_set 2 , .Xr jail_set 2 ,
.Xr ntp_adjtime 2 , .Xr ntp_adjtime 2 ,
.Xr mac 3 ,
.Xr devfs 4 , .Xr devfs 4 ,
.Xr fdescfs 4 , .Xr fdescfs 4 ,
.Xr linprocfs 4 , .Xr linprocfs 4 ,
@@ -1557,6 +1567,7 @@ environment of the first jail.
.Xr procfs 4 , .Xr procfs 4 ,
.Xr vmm 4 , .Xr vmm 4 ,
.Xr jail.conf 5 , .Xr jail.conf 5 ,
.Xr mac.conf 5 ,
.Xr rc.conf 5 , .Xr rc.conf 5 ,
.Xr sysctl.conf 5 , .Xr sysctl.conf 5 ,
.Xr bsdconfig 8 , .Xr bsdconfig 8 ,