PERFORCE change 18021 for review

Robert Watson rwatson at freebsd.org
Mon Sep 23 22:28:50 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18021

Change 18021 by rwatson at rwatson_tislabs on 2002/09/23 15:28:05

	Further tweaks on instructions and labels to use with XFree86
	and MLS.

Affected files ...

.. //depot/projects/trustedbsd/misc/demo-20020725/x11_with_mls.txt#2 edit

Differences ...

==== //depot/projects/trustedbsd/misc/demo-20020725/x11_with_mls.txt#2 (text+ko) ====

@@ -1,12 +1,13 @@
 Labeling requirements:
 
-(1) /dev/mem and /dev/kmem must be read-write for the X server.  Errors
-    mmap'ing these devices will be reported as errors mmap'ing /dev/vga,
-    for reasons unknown to me and possibly known only to the authors
-    of XFree86.  To work around this on a system where the security
-    issues associated with the work-around are not a problem, use:
+(1) /dev/mem, /dev/kmem, /dev/io, /dev/ttyv8, and /dev/sysmouse must be
+    read-write for the X server.  Errors mmap'ing these devices will be
+    reported as errors mmap'ing /dev/vga, for reasons unknown to me and
+    possibly known only to the authors of XFree86.  To work around this
+    on a system where the security issues associated with the work-around
+    are not a problem, use:
 
-	setfmac mls/equal /dev/mem /dev/kmem
+	setfmac mls/equal /dev/mem /dev/kmem /dev/io /dev/ttyv8 /dev/sysmouse
 
     Note: this will bypass MLS protection of the devices, and is not
     a good idea.
@@ -22,14 +23,9 @@
     Some applications may also require /tmp/.ICE-unix which should
     be similarly labeled.
 
-(3) XFree86 maintains logfiles in /var/log.  Generation of these
-    logfiles must be pointed at a directory writable by the X
-    server.  At lack of this, /var/log may also be changed to
-    an MLS bypass label:
+(3) XFree86 maintains logfiles in /var/log.  Either point X11 at
+    a per-label/user directory for logging, or disable logging by
+    creating a symlink from /var/log/XFree86.0.log to /dev/null.
+
 
-	setfmac mls/equal /var/log
 
-    Note that the X server may fail to rotate previous logs because
-    it attempts to rename these files.  A better tactic is to
-    force the X server to store the logs somewhere else, perhaps
-    a per-user directory.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list