ZFS MAC single-label workaround

I notice that there aren't any threads asking about how to get MAC labels to work with ZFS in this forum; however, it's something I've been trying to figure out. Apparently there is no MAC label support in ZFS, but the mount system itself does support MAC. You can therefore call mount with the appropriate MAC process label when mounting the pool (rather than calling # zfs mount ...), which will apply to the entire filesystem if it doesn't support MAC labels. For example, if you have a pool named "data", you can # setpmac mls/high mount -t zfs data /data to have the filesystem treated as mls/high, vs. the default mls/low. Unfortunately, this isn't "root safe" because even if you set the corresponding devices and /dev/zfs to mls/high, mount will ignore the MAC labels of the devices when used with ZFS.

Kevin Barry
 