mac_partition and /sbin/init
Tom Rhodes
trhodes at FreeBSD.org
Thu Sep 25 02:47:50 GMT 2003
On Wed, 24 Sep 2003 21:48:21 -0400
Kenny Freeman <freeman at cs.dal.ca> wrote:
> Robert, thanks! I was wondering how partition/none was treated in the source.
> It probably would have taken me another few hours of digging through the
> different sources to figure out that 0 was actually none. Is there any way
> that the getpmac output could be rewritten so us simple folk don't get
> confused? ie. partition/0 -> partition/none. Well, that or put it into the
> man pages. I've been fiddling with this for a few evenings now. I guess I'm
> going to have to put in a few rc scripts to start these jails up. Using the
> jail util like:
Manual page is a better solution. Most programs use the return 0;.
>
> jail_dnscache_exec="/usr/sbin/setpmac partition/1 /bin/sh /etc/rc"
>
> I get permission denied errors when setting the partition to anything other
> than none, presumably because the process has already been put inside the
> jail when the setpmac util is run.
>
> Oh, this has probably been asked many times before.. Where would one find some
> usefull documentation on using biba, lomac and mls? I mean more about how to
> develop policies to secure a system with them. I've looked around at some
> trusted irix docs etc but haven't really found anything readable yet. Thanks
> for the other mailing list suggestions. I tihnk I will subscribe when I get
> some time.
I'm working on it; writing good documentation does take time, and I'm new
here. :)
Besides, I also want to be sure that what I write actually works; thats
the more important part.
--
Tom Rhodes
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list