mac_defs(4M)             DG/UX B2 Security R4.12MU02            mac_defs(4M)


NAME
       macdefs, maclabeldefs, macaliasdefs - mac alias definitions

DESCRIPTION
       macd requires both maclabeldefs and macaliasdefs.

       The maclabeldefs file defines:

            1) the current MAC label type,
            2) each hierarchy name, its abbreviation and value,
            3) each category name, its abbreviation and value,
            4) the basic system defined MAC label aliases.

       The MAC label type field is reserved for future use by Data General;
       its default value is 1.  Hierarchy, category and alias names and
       abbreviations must be unique.  Hierarchy and category names must map
       to unique values, but more than one MAC label alias can map to the
       same MAC label.

       NOTE:  MAC label aliases must be unique.  If they are not unique, or
              if any other error is present in the MAC alias files, then
              macd will fail the next time it reads these files.  To ensure
              that the MAC aliases are valid, either use the sysadm
              functions to update these files, or use the macd -V option to
              verify the files prior to invoking macd with them.

       maclabeldefs file syntax is as follows:

       Comments begin with a number sign (#) and end at the end of the line.

       The first section defines the MAC label type and begins with *type.
       The next line must contain a decimal number indicating the current
       MAC label type.

       The second section defines the MAC hierarchies and begins with
       *hierarchy.  Subsequent lines have the following format:

            hier hierabbrev hiervalue

       where hier is the full hierarchy name, hierabbrev is the hierarchy
       name abbreviation, and hiervalue is a positive decimal number (or
       zero) within the range of the currently valid hierarchies.

       The following are examples of hierarchy definitions:

       TOPSECRET       TS      125
       SECRET          SEC     100
       CONFIDENTIAL    CONF    75
       UNCLASSIFIED    UNCLASS 50

       The third section defines the MAC categories and begins with
       *category.  Subsequent lines have the following format:

            cat catabbrev catvalue

       where cat is the full category name, catabbrev is the category name
       abbreviation, and catvalue is a positive decimal number (or zero)
       within the range of the currently valid categories.

       The following are examples of category definitions:

       FINANCE         FIN     2
       MEDICAL         MED     4
       PERSONNEL       PERS    6
       ROSTER          ROS     7
       INS             IN      21
       PIPES           PI      88
       BOB             BB      99
       ANTENNAS        ANTS    100

       The fourth and final section defines the basic MAC label aliases and
       begins with *general.  Subsequent lines have the following format:

            alias aliasabbrev MAClabeldefn

       where alias is the full MAC label alias, aliasabbrev is the MAC
       label alias abbreviation and MAClabeldefn is:

            hier|alias  catdefn

       where catdefn is:

            : catalias  [ catdefn ]
            :( catalias { , catalias } ) [ catdefn ]

       where catalias is:

               NONE
               ALL
               cat

       The following are examples of MAC label alias definitions:

       SESSIONHI      SESHI  TOPSECRET:ALL
       SESSIONLO      SESLO  UNCLASSIFIED:NONE

       HUMANRESOURCES HR     CONFIDENTIAL:(FINANCE,MEDICAL,PERSONNEL,ROSTER)
       ALIENRESOURCES AR     SECRET:INS:(PIPES,BOB):ANTENNAS

       where TOPSECRET, UNCLASSIFIED, CONFIDENTIAL, and SECRET are
       previously defined hierarchy names, and FINANCE, MEDICAL, PERSONNEL,
       ROSTER, INS, PIPES, BOB, and ANTENNAS are previously defined category
       names.

       NOTE:  A hierarchy alias by itself is considered to be shorthand for
              the MAC label definition hier:NONE.  The following aliases
              describe the same MAC label:

                      SESSIONLO
                      SESLO
                      UNCLASSIFIED:NONE
                      UNCLASS:NONE
                      UNCLASSIFIED
                      UNCLASS

       The macaliasdefs file defines additional MAC label aliases which
       are more subject to change than the definitions in maclabeldefs.
       The macaliasdefs file has no labeled sections.  Its syntax allows
       comments and MAC label definitions.
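
An added example, not part of the DG/UX manual page and not macd's own code: a Python check of the maclabeldefs rules described above (section layout, unique names and values, label definitions that reference only defined names). It assumes that hierarchy and alias names share one namespace, that a label definition contains no whitespace (as in the page's examples), and that categories listed after an alias are added to that alias's categories; `parse`, `SAMPLE`, `SHAPES` and the returned tuple shape are names chosen here.

```python
import re
SAMPLE = """# constructed sample, built from the examples on this page
*type
1
*hierarchy
SECRET        SEC     100
UNCLASSIFIED  UNCLASS 50
*category
INS       IN   21
PIPES     PI   88
BOB       BB   99
ANTENNAS  ANTS 100
*general
SESSIONLO      SESLO UNCLASSIFIED:NONE
ALIENRESOURCES AR    SECRET:INS:(PIPES,BOB):ANTENNAS
"""
N = r"[^\s:(),]+"                                   # one name token
SHAPES = {"type": r"\d+", "hierarchy": rf"{N}\s+{N}\s+\d+", "category": rf"{N}\s+{N}\s+\d+",
          "general": rf"{N}\s+{N}\s+{N}(:({N}|\({N}(,{N})*\)))*"}

def parse(text):
    """Return (labels, errors); labels maps name -> (hierarchy value, category values)."""
    cats, labels, errors, section = {}, {}, [], None
    def define(table, names, value, n):             # names = full name and abbreviation
        for name in names:
            if name in table:
                errors.append(f"line {n}: duplicate name {name}")
            table[name] = value
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()         # comments run to end of line
        f = line.split()
        if not line or line.startswith("*"):
            section = line[1:] or section           # "*hierarchy" switches section
        elif not re.fullmatch(SHAPES.get(section, r"(?!)"), line):
            errors.append(f"line {n}: malformed {section} entry")
        elif section in ("hierarchy", "category"):
            table = labels if section == "hierarchy" else cats
            value = (int(f[2]), frozenset()) if table is labels else int(f[2])  # hier = hier:NONE
            if value in table.values():
                errors.append(f"line {n}: duplicate value {f[2]}")
            define(table, f[:2], value, n)
        elif section == "general":
            head, *names = re.findall(N, f[2])      # shape already validated the punctuation
            known = {"NONE": set(), "ALL": set(cats.values()), **{k: {v} for k, v in cats.items()}}
            level, members = labels.get(head, (None, frozenset()))
            for bad in [c for c in names if c not in known] + ([head] if level is None else []):
                errors.append(f"line {n}: undefined name {bad}")
            members = members.union(*(known.get(c, set()) for c in names))  # assumed: union
            define(labels, f[:2], (level, members), n)
    return labels, errors
```

Appending the contents of macaliasdefs to the maclabeldefs text before calling `parse` checks the additional aliases against the same definitions, since that file has no section headers of its own.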

FILES
       /etc/tcb/mac/maclabeldefs       MAC label definitions file
       /etc/tcb/mac/macaliasdefs       MAC alias definitions file

SEE ALSO
       macd(1M).

NOTES AND WARNINGS
       It is strongly recommended that once the system administrator has
       fixed an initial version of MAC definitions in maclabeldefs and
       macaliasdefs, he only add new hierarchy, category, and alias
       definitions to the existing ones.  It is possible to delete aliases
       in macaliasdefs unconditionally.  It is also possible to delete
       hierarchies and categories from maclabeldefs provided you comment
       them out and do not reuse the values and eliminate all references to
       them.  Also note that objects which have MAC labels with categories
       that no longer exist are accessible only by appropriately privileged
       subjects.


Licensed material--property of copyright holder(s)
