mac_sofi: a proof of concept MAC module

[Dewayne Geraghty]

Martin,
Would it be possible to expand on how SOFI is better/different to MAC
lomac?  As it seems that the testing program is the differentiator?

Aside: Also you may not be aware that system namespace extended
attributes do not function within a jail, though this is the same as the
rest of MAC.  I'm told that SELinux uses "security" and others use
"trusted" namespaces, perhaps for some future FreeBSD...?

Regards, Dewayne.