Hello, I try to make a bsdextended mac policy and when I add the following rule, I can't login with a simple user: ugidfw add subject not uid root object uid root mode rx This rule is for protecting root's files from others in any case. And I've got the following message: /libexec/ld-els.so.1: Cannot fstat "/lib/libedit.so.4" Jun 27 10:36:25 localhost login: _secure_path: cannot stat /etc/login.conf: Permission denied What's wrong? Btw, could somebody tell what the a mode means in bsdextended rules? Thanks, G?bor K?vesd?n
On Mon, Jun 27, 2005 at 10:45:35AM +0200, K?vesd?n G?bor wrote:> Hello, > > I try to make a bsdextended mac policy and when I add the following > rule, I can't login with a simple user: > > ugidfw add subject not uid root object uid root mode rxI think you'll need to allow stat permission too - say "rxs" not just "rx". You may also want to think about what this rule does to /tmp. David.