IFLABEL(1M) IFLABEL(1M)
NAME
iflabel - configure network interface attributes
SYNOPSIS
/usr/etc/iflabel interface [args]
DESCRIPTION
iflabel is used to assign the security attributes of a network interface.
These include minimum, maximum, and default sensitivity and integrity and
default uid. iflabel is invoked at boot time from /etc/init.d/network to
set the attributes of each interface present on the machine to the values
specified in the corresponding /etc/config/iflabel-?.options file. The
administrator may also use it once the system is up to redefine an
interface's security attributes. The best way to do this is to edit the
/etc/config/iflabel-?.options file, then use the script
/etc/init.d/network to stop and restart the network. The interface
parameter is a string of the form ``name unit'', e.g., ``ec0''. (The -i
option to netstat(1) lists the interfaces on the machine.)
Only a user with the CAP_NETWORK_MGT capability may modify the security
attributes of a network interface.
Here is a sample iflabel-1.options file:
attributes=msen,mint,uid
min_msen=msenlow
max_msen=msenhigh
min_mint=minthigh
max_mint=mintlow
dflt_msen=msentcsec,unclassified
dflt_mint=mintbiba,lowestgrade
dflt_uid=guest
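The following check is an added example, not part of the original manual page or of iflabel itself: it lints an options file before the network is restarted, reporting attributes listed in attributes= that have no label keys and label keys whose attribute is not listed. The key names per attribute are an assumption inferred from the sample file above, and lint_options is a hypothetical helper name.

```python
# Added example. ASSUMPTION: the keys expected for each attribute are inferred
# from the sample file on this page, which does not give the full grammar.
EXPECTED = {
    "msen": ("min_msen", "max_msen", "dflt_msen"),
    "mint": ("min_mint", "max_mint", "dflt_mint"),
    "uid": ("dflt_uid",),
}

# The sample iflabel-1.options file from this page.
SAMPLE = """\
attributes=msen,mint,uid
min_msen=msenlow
max_msen=msenhigh
min_mint=minthigh
max_mint=mintlow
dflt_msen=msentcsec,unclassified
dflt_mint=mintbiba,lowestgrade
dflt_uid=guest
"""


def lint_options(text):
    """Return a list of problems found in the options text (empty if none)."""
    opts, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue  # skip blank lines
        key, sep, value = (p.strip() for p in raw.partition("="))
        if not sep or not key or not value:
            problems.append(f"line {n}: not key=value")
        elif key in opts:
            problems.append(f"line {n}: {key} set more than once")
        else:
            opts[key] = value
    attrs = [a.strip() for a in opts.get("attributes", "").split(",") if a.strip()]
    if not attrs:
        problems.append("no attributes= line")
    wanted = {"attributes"}
    for attr in attrs:
        if attr not in EXPECTED:
            problems.append(f"attribute {attr}: not covered by this check")
            continue
        for key in EXPECTED[attr]:
            wanted.add(key)
            if key not in opts:
                problems.append(f"attribute {attr}: {key} is missing")
    # A label whose attribute is absent from attributes= deserves a review.
    problems += [f"{k}: set but not listed in attributes=" for k in opts if k not in wanted]
    return problems
```

Calling lint_options(SAMPLE) returns an empty list; any other result names the line or key to fix before /etc/init.d/network is used to stop and restart the network.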
FILES
/etc/config/iflabel-?.options
site-specific options (1 file per interface)
SEE ALSO
dominance(5), mac_to_text(3C), mlsfiles(4), netstat(1), rhost(1m),
samp(7p), satmp(7p), satmpd(1m), trusted_networking(7), tsix(7p).