PERFORCE change 100357 for review
Rob Deker
deker at FreeBSD.org
Fri Jun 30 18:30:48 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=100357
Change 100357 by deker at sebsd_build on 2006/06/30 18:28:37
Update install instructions to include use of tunefs to enable multilabel support.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/SEBSD-Installation.txt#5 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/SEBSD-Installation.txt#5 (text+ko) ====
@@ -41,13 +41,24 @@
# pkg_add -r gmake
-3. Install SEBSD sources. After downloading the sources from
+3. Enable multilabel support on filesystems. In order for the SEBSD file
+ labeling to function properly, file label support must be enabled. To
+ enable multilabel support on your system, boot into single user mode
+ and use 'tunefs' to enable multilabel support for each filesystem on
+ your system. Here is an example for /.
+
+ # tunefs -l enable /
+
+ Repeat this step, substituting each other filesystem in place of / as
+ above.
+
+4. Install SEBSD sources. After downloading the sources from
http://www.trustedbsd.org/sebsd.html, untar them into /usr/src.
# cd /usr/src
# tar -zxf /path/to/sebsd-<version>.tar.gz
-4. Build the SEBSD system. This process is similar to the canonical
+5. Build the SEBSD system. This process is similar to the canonical
building of world detailed in the FreeBSD Handbook, with a few
additional steps, and some re-arranging of the typical order.
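Review bot: The new step 3 gives only `tunefs -l enable /` and does not say what state a filesystem must be in for the command to work, or how to confirm the flag was set. tunefs cannot modify an active filesystem; it must be unmounted or mounted read-only. Single user mode provides that for /, but the text should say so explicitly for the remaining filesystems. The multilabel flag is also a UFS tunable, so "each filesystem on your system" is broader than intended. Suggest stating the unmounted or read-only requirement, narrowing the wording to "each remaining UFS filesystem", and adding a verification line such as `tunefs -p /` after the enable command so the reader can check the setting before moving on to the build.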
@@ -85,7 +96,7 @@
the FreeBSD boot loader. Refer to the FreeBSD handbook for more
information on the boot loader.
-5. Inspect the SEBSD policy. The system comes pre-installed with a
+6. Inspect the SEBSD policy. The system comes pre-installed with a
sample policy, but local changes might be required. The policy
source is located in /etc/security/sebsd/targeted/src/policy and the
compiled (binary) version is installed in
@@ -108,17 +119,16 @@
/usr/sbin/load_policy /etc/security/sebsd/targeted/policy/policy.20
-6. Label the file system. In step 4b, extended attribute support was
- enabled in the fstab file , but the individual filesystems were not
- labeled. To label all file systems, login as root and run the
- following command:
+7. Label the file system. In step 3, extended attribute support was
+ enabled, but the individual filesystems were not labeled. To label all
+ file systems, login as root and run the following command:
cd /etc/security/sebsd/targeted/src/policy && gmake relabel
Note that you will see several errors during the relabel process as
well as many permission denials on the system console. This is normal.
-7. Reboot the machine, so that applications can use the file labels
+8. Reboot the machine, so that applications can use the file labels
and will be started in the correct domains.
At this point, the machine will be running SEBSD with the sample
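Review bot: In the rewritten step 7, "In step 3, extended attribute support was enabled" no longer matches what step 3 does. The new step 3 enables multilabel support with tunefs, whereas the removed sentence referred to an fstab change made in step 4b. Suggest wording it as "In step 3, multilabel support was enabled, but the individual filesystems were not labeled" so the cross-reference and the terminology agree. If the fstab edit still exists under the renumbered build step (now step 5), the document should say whether it is still needed alongside tunefs or should be removed, since a reader following both will otherwise not know which one the relabel depends on. Minor: "login as root" should be "log in as root".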