[Bug 281820] mdo: failed to call initgroups: Operation not permitted

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 281820] mdo: failed to call initgroups: Operation not permitted"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 07 Oct 2024 07:37:06 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281820

--- Comment #2 from Olivier Certner <olce@FreeBSD.org> ---
Hello Jose,

There are several code and conceptual problems in the current implementation of
mac_do(4), and I would advise not to use it in a production setup yet.

I have been working on a full revamp of it.  Prerequisite commits (about
general infrastructure changes) are already under review, and the bulk of if
(changes in mac_do(4)) proper will soon follow (an earlier version can be
globally seen at
https://github.com/freebsd/freebsd-src/compare/main...OlCe2:freebsd-src:oc-mac_do).
As you can see there, the format of the rules specification in
`security.mac.do.rules` has been changed.

Thanks and regards.

-- 
You are receiving this mail because:
You are the assignee for the bug.