jail: document the mac.label parameter

In particular, we should provide a hint about mac.conf(5), since libjail
will just use the mac_prepare_type(3) API to provide a reasonably sane
interface for system administrators.  Progammers wanting to fetch an
arbitrary MAC label would need to bypass libjail and use jail_get(2)
directly with their own prepared `struct mac`.

Differential Revision:	https://reviews.freebsd.org/D54067
This commit is contained in:
Kyle Evans
2025-12-03 19:45:56 -06:00
parent db3b39f063
commit 1e8c28712a
2 changed files with 15 additions and 2 deletions
+3 -1
View File
@@ -28,7 +28,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd December 30, 2024
.Dd January 15, 2026
.Dt MAC 4
.Os
.Sh NAME
@@ -165,6 +165,7 @@ and modifying its MAC policy label.
.Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent
.It Sy "Subject/Object" Ta Sy "Utility"
.It "File system object" Ta Xr setfmac 8 , Xr setfsmac 8
.It Jail Ta Xr jail 8
.It "Network interface" Ta Xr ifconfig 8
.It "TTY (by login class)" Ta Xr login.conf 5
.It "User (by login class)" Ta Xr login.conf 5
@@ -221,6 +222,7 @@ man page.
.Xr mac_test 4 ,
.Xr login.conf 5 ,
.Xr maclabel 7 ,
.Xr jail 8 ,
.Xr getfmac 8 ,
.Xr getpmac 8 ,
.Xr setfmac 8 ,
+12 -1
View File
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 13, 2025
.Dd December 4, 2025
.Dt JAIL 8
.Os
.Sh NAME
@@ -503,6 +503,15 @@ pseudo-parameter set.
The ID of the cpuset associated with this jail (read-only).
.It Va dying
This is true if the jail is in the process of shutting down (read-only).
.It Va mac.label
The
.Xr mac 3
label associated with this jail.
Note that a
.Dq jail
entry in
.Xr mac.conf 5
may need to be configured in order to retrieve the MAC label.
.It Va parent
The
.Va jid
@@ -1550,6 +1559,7 @@ environment of the first jail.
.Xr clock_settime 2 ,
.Xr jail_set 2 ,
.Xr ntp_adjtime 2 ,
.Xr mac 3 ,
.Xr devfs 4 ,
.Xr fdescfs 4 ,
.Xr linprocfs 4 ,
@@ -1557,6 +1567,7 @@ environment of the first jail.
.Xr procfs 4 ,
.Xr vmm 4 ,
.Xr jail.conf 5 ,
.Xr mac.conf 5 ,
.Xr rc.conf 5 ,
.Xr sysctl.conf 5 ,
.Xr bsdconfig 8 ,