Date: Mon, 16 Jun 2008 13:39:55 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: Jeffrey Goldberg <jeffrey@goldmark.org>
Cc: FreeBSD List <freebsd-questions@freebsd.org>
Subject: Re: Enforce minimal file/ dir permissions
Message-ID: <20080616133955.b1af14c3.wmoran@potentialtech.com>
In-Reply-To: <AFE68B39-2732-4338-B561-F24CB19A23B6@goldmark.org>
References: <1213611664.6398.275.camel@phoenix.blechhirn.net> <20080616082125.7dd23b70.wmoran@potentialtech.com> <AFE68B39-2732-4338-B561-F24CB19A23B6@goldmark.org>
In response to Jeffrey Goldberg <jeffrey@goldmark.org>:

> On Jun 16, 2008, at 7:21 AM, Bill Moran wrote:
>
> > Look at MAC and the bsdextended module (filesystem firewall):
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html
>
> I've recently been looking at those myself, and while I think that I
> have developed some limited understanding "in principle" about how MAC
> works, I need a great deal more practical guidance. Is there some
> extended tutorial with cookbook or other resource that will actually
> help someone who doesn't fully grok this work out a policy and rules
> that will do more good than harm?

In my experience, there is a tremendous dearth of information on this
topic, and it's not much better on the Linux side where MAC is called
"SE Linux".

At this time, I think you're going to have to rely on your own
experimenting to fully understand how everything works. Hopefully that
will improve with time.

-- 
Bill Moran
http://www.potentialtech.com