Beginning with FreeBSD 8.0, the default FreeBSD kernel
includes options MAC
. This means that
every module included with the MAC
framework may be loaded as a run-time kernel module. The
recommended method is to add the module name to
/boot/loader.conf
so that it will load
during boot. Each module also provides a kernel option
for those administrators who choose to compile their own
custom kernel.
Some modules support the use of labeling, which is
controlling access by enforcing a label such as “this is
allowed and this is not”. A label configuration file may
control how files may be accessed, network communication can be
exchanged, and more. The previous section showed how the
multilabel
flag could be set on file systems to
enable per-file or per-partition access control.
A single label configuration enforces only one label
across the system, that is why the tunefs
option is called multilabel
.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.