# mac_portacl management utility?



## Savagedlight (Mar 25, 2013)

The mac_portacl(4) man page states that all rules are to be added to the security.mac.portacl.rules sysctl. 
Example:
`# sysctl security.mac.portacl.rules="uid:80:tcp:80,uid:68:tcp:110"`

This is okay for a small set of rules, but it would get pretty unreadable once you get more than a dozen rules in there.

Therefore, I'm wondering if anyone knows of a management utility for mac_portacl(4)?

If there is none, I'll look into making an RC script and a simple sh script for viewing/altering the rules.


----------
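One way to keep the rule set readable, as an added example that is not part of the original posts or of FreeBSD itself: keep one rule per line in a file, validate each line against the `idtype:id:protocol:port` form, and join the result into the single string the sysctl expects. The file format, the function names and the port range check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Reads rules on stdin, one
# idtype:id:protocol:port per line; blank lines and '#' comments are skipped
# (this file format is the example's assumption). Prints the comma-joined value.
portacl_build() {
    rules="" lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Drop any trailing comment, then all whitespace.
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        if [ -z "$line" ]; then continue; fi
        # Peel off the four colon-separated fields.
        idtype=${line%%:*}; rest=${line#*:}
        id=${rest%%:*};     rest=${rest#*:}
        proto=${rest%%:*};  port=${rest#*:}
        ok=yes
        case $idtype in uid|gid) ;; *) ok=no ;; esac
        case $proto  in tcp|udp) ;; *) ok=no ;; esac
        case $id     in ''|*[!0-9]*) ok=no ;; esac
        case $port   in ''|*[!0-9]*) ok=no ;; esac
        # Port range 0-65535 is this example's own sanity check.
        if [ "$ok" = yes ] && ! [ "$port" -le 65535 ] 2>/dev/null; then ok=no; fi
        if [ "$ok" = no ]; then
            echo "line $lineno: invalid rule '$line'" >&2
            return 1
        fi
        rules="${rules:+$rules,}$line"
    done
    printf '%s\n' "$rules"
}

# Constructed sample input reusing the two rules from the post.
sample_rules() {
    cat <<'EOF'
# one rule per line is easier to review and diff than one long string
uid:80:tcp:80
uid:68:tcp:110
EOF
}

# Print the command instead of running it, so the result can be reviewed first.
if value=$(sample_rules | portacl_build); then
    printf 'sysctl security.mac.portacl.rules="%s"\n' "$value"
fi
```

A rejected line stops the build with a non-zero status, so a typo in the file never reaches the live rule set.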



## cpm@ (Mar 26, 2013)

Check out this old post. You could contact the TrustedBSD staff to find out about the latest implementations, such as the one you are asking for right now.


> Likewise, for the portacl module, it would be useful to have a more general rule mechanism that can be managed using a tool rather than a sysctl, which makes it harder to manage.


**EDIT**

Also, I found an explanatory tutorial about Mandatory Access Control (MAC). Indeed, it's worth reading as a complement to Chapter 17 of the FreeBSD Handbook.


----------



## Savagedlight (Mar 30, 2013)

Thank you for the information. 
It looks like I'll have to poke at this a little further down the road.


----------



## cpm@ (Apr 2, 2013)

Check out sysutils/eiciel. Why did its author develop this tool?


> Traditionally, tools to manage file ACL entries have been setfacl(1) and getfacl(1). Those are command-line tools and some people can feel uncomfortable using them.



I hope this will encourage you to write a mac_portacl(4) editor.


----------

