macd(1M)                 DG/UX B2 Security R4.12MU02                macd(1M)


NAME
       macd - mandatory access control (MAC) server

SYNOPSIS
       /sbin/macd [-V [labeldef aliasdef]]

   where:
       labeldef  The specified MAC label definition file
       aliasdef  The specified MAC alias definition file

DESCRIPTION
       Macd is a server that provides MAC label-related services for DG/UX
       systems on which MAC is present [see secconfig(1)].

       Macd provides MAC label name translation and other services through
       the mac_library(3) functional interfaces and the getmac(1) and
       setmac(1M) commands.  macd ensures that it will never return any
       information to a subject (client) which is not completely dominated
       by that subject's current clearance.

       macd implicitly requires two files: /etc/tcb/mac/mac_label_defs and
       /etc/tcb/mac/mac_alias_defs.  macd should be started by init(1M) as a
       trusted_respawn action with no arguments.  Once macd is started, it
       writes any error messages to the system log.

   Option
       -V     Scan (verify) the specified MAC label and alias definition
              files, labeldef and aliasdef, for syntax errors, writing any
              errors to stderr.  If labeldef and aliasdef are not specified,
              macd scans the default MAC label and alias definition files,
              /etc/tcb/mac/mac_label_defs and /etc/tcb/mac/mac_alias_defs.
              macd -V does not provide any MAC related services; it can be
              used only to verify MAC label and alias syntax before any
              changes made to mac_label_defs or mac_alias_defs are put into
              effect.

              If macd -V writes nothing to stderr and returns exit code 0,
              then the MAC label and alias database has the correct syntax.

              If macd -V writes error messages to stderr and returns exit
              code 2, then the MAC label and alias database syntax must be
              corrected.

FILES
       /etc/mac_alias               macd command stream
       /etc/tcb/mac/mac_label_defs  MAC label definitions file
       /etc/tcb/mac/mac_alias_defs  MAC alias definitions file

SEE ALSO
       getmac(1), secconfig(1), setmac(1M), mac_library(3), mac_defs(4M).

NOTES AND WARNINGS
       If it is absolutely necessary to reinitialize macd after adding new
       hierarchies, categories and aliases to /etc/tcb/mac/mac_label_defs
       and /etc/tcb/mac/mac_alias_defs without rebooting the system, the
       system administrator can cycle macd by sending the macd process a
       SIGTERM signal: kill -15 <macd pid>

       If the MAC label and alias database has any syntax errors, then macd
       will in effect be disabled if restarted.  If macd is disabled on a
       system that has MAC, no one will be able to log in to the system.
       It is therefore imperative to verify any changes to the label and
       alias database with macd -V before cycling macd or rebooting the
       system.
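
       The verify-before-cycle procedure described above, written out as
       shell functions.  This is an added example, not part of the DG/UX
       manual page; the function names and the MACD override variable are
       assumptions, and the macd pid is supplied by the administrator.

```shell
#!/bin/sh
# Added example: refuse to cycle macd unless `macd -V` is clean.
# MACD can be overridden (assumption, for exercising the gate against a
# stand-in binary); it defaults to the path given in the SYNOPSIS.
MACD="${MACD:-/sbin/macd}"

# verify_mac_defs [labeldef aliasdef]
# Succeeds only when macd -V exits 0 AND writes nothing to stderr, the
# two conditions the manual page gives for a syntactically correct database.
# With no arguments macd -V scans the default files under /etc/tcb/mac.
verify_mac_defs() {
    if [ $# -ne 0 ] && [ $# -ne 2 ]; then
        echo "usage: verify_mac_defs [labeldef aliasdef]" >&2
        return 64
    fi
    vmd_rc=0
    # Capture stderr only; stdout is discarded.
    vmd_err=$("$MACD" -V "$@" 2>&1 >/dev/null) || vmd_rc=$?
    if [ "$vmd_rc" -ne 0 ] || [ -n "$vmd_err" ]; then
        echo "macd -V reported problems (exit $vmd_rc):" >&2
        [ -z "$vmd_err" ] || printf '%s\n' "$vmd_err" >&2
        return 1
    fi
    return 0
}

# cycle_macd PID
# Re-verifies the installed default files immediately before signalling,
# so a broken database never reaches a restarted macd.
cycle_macd() {
    case "$1" in
        ''|*[!0-9]*) echo "usage: cycle_macd <macd pid>" >&2; return 64 ;;
    esac
    if ! verify_mac_defs; then
        echo "not sending SIGTERM to $1; fix the definitions first" >&2
        return 1
    fi
    kill -15 "$1"
}
```

       Call verify_mac_defs with the edited copies of the two files while
       they are still staged, and cycle_macd only after they are installed.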

       Note that if the numeric values for hierarchies and/or categories
       used as binary labels on objects are redefined or removed from the
       alias database, this will cause the binary labels to be changed
       in semantics, or to be nontranslatable to human-readable form.  Great
       care must be taken when modifying /etc/tcb/mac/mac_label_defs.


Licensed material--property of copyright holder(s)
