mac questions: stopping root from reading /home && mac_biba stops clean shutdown

From: Mathias Picker (Mathias.Picker_at_gmx.de)
Date: 02/26/05

    Date: Sat, 26 Feb 2005 16:06:08 +0100
    To: freebsd-security@freebsd.org
    
    


    I am just trying to understand the concepts and possibilities behind the mac
    framework. After days of puzzling I found one puzzling behaviour and
    still have one immediate question (this is on 5-stable).

    - When I enable mac_biba, set root to biba/equal (or any value,
    actually), and do a setfmac -R biba/equal / I expect biba to be
    activated without any change to the system behaviour. This seems to be
    correct, save for one detail: the system does not shut down cleanly: it
    syncs, but never gets to power down or reboot and the disks are not
    marked clean, so fsck runs on next boot.

    Is this an expected behaviour??

    - What is the easiest way to block root from reading /home once the
    system is in multiuser....

    Thanks for any hints, tips, links to background info about biba + mls

    Mathias

    P.S.: bsdextended does not block root from anything, right??

