mac_portacl management utility?

The mac_portacl(4) man page states that all rules are to be added to the security.mac.portacl.rules sysctl.
Example:
# sysctl security.mac.portacl.rules="uid:80:tcp:80,uid:68:tcp:110"

This is okay for a small set of rules, but it would get pretty unreadable once you get more than a dozen rules in there.

Therefore, I'm wondering if anyone knows of a management utility for mac_portacl(4)?

If there is none, I'll look into making an RC script and a simple sh script for viewing/altering the rules.
 
Check out this old post; you could contact the TrustedBSD staff to find out about the latest implementations, such as the one you are requesting right now ;)
Likewise, for the portacl module, it would be useful to have a more general rule mechanism that can be managed using a tool rather than a sysctl, which makes it harder to manage.
*EDIT*

Also, I found an explanatory tutorial about Mandatory Access Control (MAC); indeed, it's worth reading as a complement to the documentation in Chapter 17 of the FreeBSD Handbook.
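
A sketch of the kind of sh helper the first post proposes, added here as an example and not code from the thread or from FreeBSD: it keeps the rules one per line in a file, checks each against the idtype:id:protocol:port form, and builds the comma-separated value for security.mac.portacl.rules. The function names and the file layout (blank lines and # comments allowed) are assumptions.

```sh
#!/bin/sh
# Added example: manage mac_portacl(4) rules from a one-rule-per-line file.
# Function names and the rules-file layout are assumptions of this example.

# Return 0 if $1 is a single well-formed rule: idtype:id:protocol:port
portacl_valid_rule() {
    case "$1" in *[!a-z0-9:]*|'') return 1 ;; esac  # rejects commas, spaces, globs
    _oifs=$IFS; IFS=:; set -- $1; IFS=$_oifs        # split the rule on ':'
    [ $# -eq 4 ] || return 1
    case "$1" in uid|gid) ;; *) return 1 ;; esac
    case "$3" in tcp|udp) ;; *) return 1 ;; esac
    case "$2$4" in *[!0-9]*) return 1 ;; esac        # id and port must be numeric
    case "$4" in ??????*) return 1 ;; esac           # more than 5 digits: not a port
    [ -n "$2" ] && [ -n "$4" ] && [ "$4" -le 65535 ]
}

# Print the sysctl value for rules file $1; stop at the first malformed line
# so a typo never reaches the kernel as a different rule than intended.
portacl_build() {
    _out=
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}                           # strip trailing comment
        _line=$(printf '%s' "$_line" | tr -d ' \t')  # strip whitespace
        if [ -z "$_line" ]; then continue; fi
        portacl_valid_rule "$_line" || { echo "bad rule: $_line" >&2; return 1; }
        _out=${_out:+$_out,}$_line
    done < "$1"
    printf '%s\n' "$_out"
}

# Print a comma-separated rule string one rule per line, for review, e.g.
#   portacl_list "$(sysctl -n security.mac.portacl.rules)"
portacl_list() {
    printf '%s\n' "$1" | tr ',' '\n'
}

# Load rules file $1 into the kernel (FreeBSD, mac_portacl loaded, as root).
portacl_apply() {
    _rules=$(portacl_build "$1") || return 1
    sysctl security.mac.portacl.rules="$_rules"
}
```

Because the sysctl is replaced as a whole string, portacl_apply builds and validates the complete rule set before writing anything.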
 