Can the MAC procedures outlined in the handbook be used with the ZFS filesystem?
I was reading up on MAC in the handbook: https://docs.freebsd.org/en/books/handbook/book/#fs-acl I noticed it specifically mentioned UFS2. I was looking over the man pages for mac_biba and mac_bsdextended. Combined with this document on Biba: https://seclab.cs.ucdavis.edu/projects/history/papers/biba75.pdf I thought these concepts would work well for a system I am building. But, having used BSD for a while, I have adopted ZFS and use it routinely. Can these mac commands be used reliably within the ZFS filesystem?
Looking at this documentation for OpenZFS, I saw some properties which mentioned "acl" in their names, but I have never used them or seen them before.
REF: https://openzfs.github.io/openzfs-docs/man/v2.2/8/zfs.8.html?highlight=acl
Can one build zpools and datasets using zfs commands, but then restrict access to files within the system using MAC like mac_biba or mac_bsdextended?
Any help you might offer would be appreciated. Thanks.
I was reading up on MAC in the handbook: https://docs.freebsd.org/en/books/handbook/book/#fs-acl I noticed it specifically mentioned UFS2. I was looking over the man pages for mac_biba and mac_bsdextended. Combined with this document on Biba: https://seclab.cs.ucdavis.edu/projects/history/papers/biba75.pdf I thought these concepts would work well for a system I am building. But, having used BSD for a while, I have adopted ZFS and use it routinely. Can these mac commands be used reliably within the ZFS filesystem?
Looking at this documentation for OpenZFS, I saw some properties which mentioned "acl" in their names, but I have never used them or seen them before.
REF: https://openzfs.github.io/openzfs-docs/man/v2.2/8/zfs.8.html?highlight=acl
Can one build zpools and datasets using zfs commands, but then restrict access to files within the system using MAC like mac_biba or mac_bsdextended?
Any help you might offer would be appreciated. Thanks.