FreeBSD includes experimental support for several mandatory access control policies,
as well as a framework for kernel security extensibility, the TrustedBSD MAC Framework.
The MAC Framework is a pluggable access control framework, permitting new security
policies to be easily linked into the kernel, loaded at boot, or loaded dynamically at
run-time. It provides a variety of features that make it easier to implement new
policies, including the ability to easily attach security labels (such as confidentiality
information) to system objects.
This chapter introduces the MAC policy framework and provides documentation for a
sample MAC policy module.