The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=1e8c28712aafc9a3339e8a832767a70c08168bdc
commit 1e8c28712aafc9a3339e8a832767a70c08168bdc Author: Kyle Evans <[email protected]> AuthorDate: 2025-12-04 01:45:56 +0000 Commit: Kyle Evans <[email protected]> CommitDate: 2026-01-16 00:23:40 +0000 jail: document the mac.label parameter In particular, we should provide a hint about mac.conf(5), since libjail will just use the mac_prepare_type(3) API to provide a reasonably sane interface for system administrators. Progammers wanting to fetch an arbitrary MAC label would need to bypass libjail and use jail_get(2) directly with their own prepared `struct mac`. Differential Revision: https://reviews.freebsd.org/D54067 --- share/man/man4/mac.4 | 4 +++- usr.sbin/jail/jail.8 | 13 ++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/share/man/man4/mac.4 b/share/man/man4/mac.4 index 2e2abbdb2c06..d7ae30a1bac4 100644 --- a/share/man/man4/mac.4 +++ b/share/man/man4/mac.4 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 30, 2024 +.Dd January 15, 2026 .Dt MAC 4 .Os .Sh NAME @@ -165,6 +165,7 @@ and modifying its MAC policy label. .Bl -column "user (by login class)" "Xr setfmac 8 , Xr setfsmac 8" -offset indent .It Sy "Subject/Object" Ta Sy "Utility" .It "File system object" Ta Xr setfmac 8 , Xr setfsmac 8 +.It Jail Ta Xr jail 8 .It "Network interface" Ta Xr ifconfig 8 .It "TTY (by login class)" Ta Xr login.conf 5 .It "User (by login class)" Ta Xr login.conf 5 @@ -221,6 +222,7 @@ man page. .Xr mac_test 4 , .Xr login.conf 5 , .Xr maclabel 7 , +.Xr jail 8 , .Xr getfmac 8 , .Xr getpmac 8 , .Xr setfmac 8 , diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 6098010ebbc4..45eb7dea096d 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 13, 2025 +.Dd December 4, 2025 .Dt JAIL 8 .Os .Sh NAME @@ -503,6 +503,15 @@ pseudo-parameter set. The ID of the cpuset associated with this jail (read-only). .It Va dying This is true if the jail is in the process of shutting down (read-only). +.It Va mac.label +The +.Xr mac 3 +label associated with this jail. +Note that a +.Dq jail +entry in +.Xr mac.conf 5 +may need to be configured in order to retrieve the MAC label. .It Va parent The .Va jid @@ -1550,6 +1559,7 @@ environment of the first jail. .Xr clock_settime 2 , .Xr jail_set 2 , .Xr ntp_adjtime 2 , +.Xr mac 3 , .Xr devfs 4 , .Xr fdescfs 4 , .Xr linprocfs 4 , @@ -1557,6 +1567,7 @@ environment of the first jail. .Xr procfs 4 , .Xr vmm 4 , .Xr jail.conf 5 , +.Xr mac.conf 5 , .Xr rc.conf 5 , .Xr sysctl.conf 5 , .Xr bsdconfig 8 ,
