Index: mac_portacl.c
===================================================================
--- mac_portacl.c
+++ mac_portacl.c
@@ -103,9 +103,13 @@
 SYSCTL_INT(_security_mac_portacl, OID_AUTO, port_high, CTLFLAG_RWTUN,
 &portacl_port_high, 0, "Highest port to enforce for");
 
+static int portacl_gid_only = 0;
+SYSCTL_INT(_security_mac_portacl, OID_AUTO, gid_only, CTLFLAG_RW,
+ &portacl_gid_only, 0, "Check only given gid");
+
 static MALLOC_DEFINE(M_PORTACL, "portacl_rule", "Rules for mac_portacl");
 
-#define MAC_RULE_STRING_LEN 1024
+#define MAC_RULE_STRING_LEN 2621500
 
 #define RULE_GID 1
 #define RULE_UID 2
@@ -442,6 +446,10 @@
 if (portacl_enabled == 0)
 return (0);
 
+ /* Gid only check */
+ if (portacl_gid_only != 0 && cred->cr_gid != portacl_gid_only)
+ return (0);
+
 /* Only interested in IPv4 and IPv6 sockets. */
 if (so->so_proto->pr_domain->dom_family != PF_INET &&
 so->so_proto->pr_domain->dom_family != PF_INET6)
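Review bot: `MAC_RULE_STRING_LEN` jumps from 1024 to 2621500 with no comment explaining the figure; this macro sizes the rules sysctl string, so if the sysctl handler (outside this hunk) still allocates `MAC_RULE_STRING_LEN` bytes per read or write, every access to the rules sysctl now allocates roughly 2.5 MB of kernel memory and walks a string of that length, which an unexplained constant should not do silently. A comment giving the derivation, e.g. `/* Upper bound on the rules string: <N> rules of <M> bytes each */` with the real numbers, or a round power-of-two value, would make the limit reviewable. `portacl_gid_only` is declared `int` through `SYSCTL_INT` but is compared against `cred->cr_gid` (a `gid_t`) in the second hunk, so a negative value written to the sysctl is compared as a large unsigned and silently matches no group; `static unsigned int portacl_gid_only = 0;` with `SYSCTL_UINT` removes the mixed-sign comparison. The new sysctl also uses `CTLFLAG_RW` while the adjacent port_high entry uses `CTLFLAG_RWTUN`, so unlike its neighbours it cannot be preset as a loader tunable.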
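Review bot: The added check returns 0 (allow) for every credential whose `cr_gid` differs from `portacl_gid_only`, so once the sysctl is non-zero the module stops enforcing port rules for all other groups rather than narrowing what that one group may do; the comment `/* Gid only check */` should state this exemption explicitly, e.g. `/* gid_only set: only processes whose effective primary gid matches are subject to the port rules; all other credentials bypass enforcement. */`. Only `cred->cr_gid` is consulted, so membership through supplementary groups (`cr_groups`) does not count, which is worth stating in the comment and in the sysctl description if that is intended. Because 0 is the "disabled" sentinel, gid 0 can never be selected, which the description should also mention. The enclosing function begins before and continues after this hunk.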