make installworld, permissions and labels

markzero mark at darklogik.org
Thu Apr 28 09:00:26 PDT 2005


> On Thu, 28 Apr 2005 14:10:17 +0100
> markzero <mark at darklogik.org> wrote:
> 
> > Just a quick question,
> 
> Hey, I know you!  You called me an asshole!  But it was funny.  :)

Hehe, sorry about that. I was young and stupid. ;)

It's a small world, isn't it?

> Anyway Mark,
> 
> > My system is quite heavily customised with regard to permissions
> > and MAC labels on system binaries. Is there any way to stop
> > make installworld resetting all my customisation? At the moment
> > I have a set of scripts to set permissions on everything but that's
> > not exactly ideal.
> 
> You can create a /etc/policy.contexts file, see the Handbook
> for my example.  Then read this in using the setfsmac(1)
> command.  Then edit /etc/mac.conf, while this really doesn't
> prevent the clobbering, it makes a quick permission setup.
> I would think that easier than a script.

Sounds interesting, I'll give it a try. If it works I can simply
make my script do the above at the end to fix the labels (instead
of reinventing the wheel like it does at the moment).

> Though, I'll bring this up with some of the other TrustedBSD
> developers.  There should be a better way, in my opinion.

Thanks, Tom. Out of interest, how is TrustedBSD coming along? I
don't track -CURRENT and even in -STABLE there are still warnings
about appropriateness for production use. I find it pretty much does
all that I require (even if setting it up isn't the most enjoyable
of procedures!) but I'm always interested to know how things are
progressing.

Thanks,
Mark

-- 
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1
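
The relabel step discussed in this thread, as an added example that is not part of the original message or of any TrustedBSD tool: a pair of shell functions a post-installworld script could call to sanity-check /etc/policy.contexts and then re-apply it with setfsmac, using the invocation shown in the Handbook. The function names, the SETFSMAC and CONTEXTS override variables, and the "pattern, then policy/label" line check are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply MAC labels after installworld.
# CONTEXTS and SETFSMAC are hypothetical overrides so the functions can be
# dry-run on a machine without setfsmac (e.g. SETFSMAC=echo).
CONTEXTS="${CONTEXTS:-/etc/policy.contexts}"
SETFSMAC="${SETFSMAC:-setfsmac}"

# Print the number of rules in the spec file given as $1.
# Assumed line format: "<path regex> <policy/label[,policy/label...]>";
# blank lines and lines starting with '#' are ignored.
# Returns 1 (and reports each offending line) if any rule is malformed.
check_contexts() {
    rules=0 lineno=0 bad=0
    while read -r pattern label extra || [ -n "$pattern" ]; do
        lineno=$((lineno + 1))
        case "$pattern" in ''|'#'*) continue ;; esac
        case "$label" in
            */*) [ -z "$extra" ] && { rules=$((rules + 1)); continue; } ;;
        esac
        echo "$1:$lineno: malformed rule" >&2
        bad=1
    done < "$1"
    [ "$bad" -eq 0 ] || return 1
    echo "$rules"
}

# Validate the spec file first so a typo cannot leave the tree half-labelled,
# then relabel everything under / in one pass.
relabel_world() {
    count=$(check_contexts "$CONTEXTS") || return 1
    echo "applying $count label rules from $CONTEXTS" >&2
    # Same invocation as the Handbook example: -f names the spec file,
    # and / is the tree to label.
    "$SETFSMAC" -ef "$CONTEXTS" /
}
```

Calling relabel_world as the last step of an existing permissions script replaces hand-written per-file label commands with the single spec file.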