PERFORCE change 16021 for review
Robert Watson
rwatson at freebsd.org
Thu Aug 15 13:52:35 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16021
Change 16021 by rwatson at rwatson_tislabs on 2002/08/15 06:52:30
Modify diskless mount so that it unmounts and remounts md
UFS1 file systems when enabling labeling -- this will prevent
cached mount labels from interfering with retrieving labels
now available via EAs. This assumes UFS_EXTATTR_AUTOSTART.
Affected files ...
.. //depot/projects/trustedbsd/mac/etc/rc.diskless2#26 edit
Differences ...
==== //depot/projects/trustedbsd/mac/etc/rc.diskless2#26 (text+ko) ====
@@ -46,15 +46,20 @@
/sbin/mount /dev/md$3c $2
}
+# Enable label support on a UFS1 md file system
+# $1 = mountpoint
+# $2 = md device
+# XXX: Assumes auto-start
multilabel_md() {
labelsize=`/sbin/sysctl -n security.mac.label_size`
/bin/mkdir -p $1/.attribute/system
/usr/sbin/extattrctl initattr -f -p $1 ${labelsize} \
$1/.attribute/system/freebsd.mac
- /usr/sbin/extattrctl start $1
- /usr/sbin/extattrctl enable $1 system freebsd.mac \
- $1/.attribute/system/freebsd.mac
- /sbin/mount -u -o multilabel $1
+ #/usr/sbin/extattrctl start $1
+ #/usr/sbin/extattrctl enable $1 system freebsd.mac \
+ # $1/.attribute/system/freebsd.mac
+ /sbin/umount $1
+ /sbin/mount -o multilabel /dev/md$2c $1
}
# If there is a global system configuration file, suck it in.
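Review bot: Neither `/sbin/umount $1` nor the following `/sbin/mount -o multilabel /dev/md$2c $1` in multilabel_md is checked, so a busy mountpoint or a wrong unit number can leave the file system unmounted, or still mounted without multilabel, while boot carries on as if labeling were enabled. I would stop at the first failure, e.g. `/sbin/umount "$1" || return 1` followed by `/sbin/mount -o multilabel "/dev/md${2}c" "$1" || return 1`, which also quotes the arguments and makes the `$2` plus literal `c` split explicit. The three commented-out extattrctl lines would read better deleted, with the `XXX: Assumes auto-start` comment expanded to name UFS_EXTATTR_AUTOSTART as the change description does.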
@@ -71,7 +76,7 @@
# If running with MAC support, must configure labeling for /var
if sysctl security.mac > /dev/null 2>& 1 ; then
- multilabel_md /var
+ multilabel_md /var 1
fi
echo "+++ populate /var using /etc/mtree/BSD.var.dist"
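Review bot: The md unit numbers `1` here and `2` in the /tmp hunk are bare literals that must match the unit each file system was originally mounted from; the function ending at the top of the first hunk mounts `/dev/md$3c`, but its callers are outside these hunks. If the two ever drift, multilabel_md would unmount /var and then try to mount a different md device, or a nonexistent one, in its place. A comment at each call such as `# unit must match the md device mounted on /var above` would help, or the unit could live in one variable shared by both calls. The exit status of multilabel_md is also ignored before /var is populated.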
@@ -125,7 +130,7 @@
# If running with MAC support, must appropriately label /tmp
if sysctl security.mac > /dev/null 2>& 1 ; then
- multilabel_md /tmp
+ multilabel_md /tmp 2
/usr/sbin/setfmac biba/equal,mls/equal,te/equal /tmp
fi
fi
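Review bot: `/usr/sbin/setfmac biba/equal,mls/equal,te/equal /tmp` runs whether or not `multilabel_md /tmp 2` succeeded, so after a failed umount or mount the label is applied to whatever happens to be at /tmp rather than to a multilabel md file system. Since the function's status is that of its final mount command, chaining is enough: `multilabel_md /tmp 2 && /usr/sbin/setfmac biba/equal,mls/equal,te/equal /tmp`. The enclosing `if` blocks open outside this hunk.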