Mathias Picker
2005-Feb-26 15:10 UTC
mac questions: stopping root from reading /home && mac_biba stops clean shutdown
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I just try to understand the concepts and possiblities behind the mac framework. After days of puzzling I found one puzzling behaviour and still have one immediate question (this is on 5-stable) - - when I enable mac_biba, set root to biba/equal (or any value, actually), and do a setfmac -R biba/equal / I expect biba to be activated without any change to the system behaviour. This seems to be correct, safe for one detail: the system does not shutdown cleanly: it syncs, but never gets to power down or reboot and the disks are not marked clean, so fsck run on next boot. Is this an expected behaviour?? - - What is the easiest way to block root from reading /home once the system is in multiuser.... Thanks for any hints, tips, links to background info about biba + mls Mathias P.S.: bsdextended does not block root from anything, right?? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCIJBgSnKsATEFgwERAk+TAJ9tpmGVlY7W+OcIxj9q4vGqfTTkkgCfTWmK 0/myndlVB1DTfXAFHkxht5g=vIgR -----END PGP SIGNATURE-----
Maybe Matching Threads
Wisdom of the Ancients
