Date: Thu, 28 Apr 2005 17:00:22 +0100 From: markzero <mark@darklogik.org> To: Tom Rhodes <trhodes@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: make installworld, permissions and labels Message-ID: <20050428160022.GD10134@logik.ath.cx> In-Reply-To: <20050428113648.23d9b68b@mobile.pittgoth.com> References: <20050428131017.GA10134@logik.ath.cx> <20050428113648.23d9b68b@mobile.pittgoth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] > On Thu, 28 Apr 2005 14:10:17 +0100 > markzero <mark@darklogik.org> wrote: > > > Just a quick question, > > Hey, I know you! You called me an asshole! But it was funny. :) Hehe, sorry about that. I was young and stupid. ;) It's a small world isn't it? > Anyway Mark, > > > My system is quite heavily customised with regard to permissions > > and MAC labels on system binaries. Is there any way to stop > > make installworld resetting all my customisation? At the moment > > I have a set of scripts to set permissions on everything but that's > > not exactly ideal. > > You can create a /etc/policy.contexts file, see the Handbook > for my example. Then read this in using the setfsmac(1) > command. Then edit /etc/mac.conf, while this really doesn't > prevent the clobbering, it makes a quick permission setup. > I would think that easier than a script. Sounds interesting, I'll give it a try. If it works I can simply make my script do the above at the end to fix the labels (instead of reinventing the wheel like it does at the moment). > Though, I'll bring this up with some of the other TrustedBSD > developers. There should be a better way, in my opinion. Thanks, Tom. Out of interest, how is TrustedBSD coming along? I don't track -CURRENT and even in -STABLE there are still warnings about apropriateness for production use. I find it pretty much does all that I require (even if setting it up isn't the most enjoyable of procedures!) but I'm always interested to know how things are progressing. Thanks, Mark -- PGP: http://www.darklogik.org/pub/pgp/pgp.txt B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iQIVAwUBQnEIlafaOQ/e/53RAQr9OhAArl4nhOLwE7g7tzxXy2SkypMVJ3aTOTeg 5X+9lMXHgHo1NDcqWiK3ZyRaFC4WVPlaSMCBZXyjedsXdaKjxuydS8DuG8f4hSfx 9VLnogZ2RuLVm70mzOV6GY2SCdFeqU40/cP+0DXkw7cMtNw5RLpjrw+9Nb/z9Kee r6E6aXy5XPdxdVnBZoRl9/M9pr3Ya7jHg32VRSBrgqMq6aO+O8m7V3oLUC+3ub7w sjiBkTBE39eEtvUxtmsiVPm3pE7YFroNd8ytBYUBwMbjKS8rqEqR55dUspofZqoE MWmXgy494UrhTPEY0POToIbQzCGhHf35Z13dek0qABjvTuNaQlREnWhvxfSofh2U JMiqfRwwxtp89TyTD2Ia/QxMf+ccK+kO6QCk9pfP1uhWEws4uV9HcPF+UUm8/Gnj /7U//tE28/utmXU3+DiHRzef3QzRBR1Swfn81bQN0RELlLWR4QFGoYlbaFpFWPU4 U+FglxXEEAeso3x8u51zjHfsLwuUMeHUPfbTwMxjkqxPFmf5zWgZwDqU3QOChRGF LKzDGocmnIVL7d1ZHX1vUS5Gr7z/v29zvGXwkd+zCsZGpPdoTHfxGrZBujppFDYl 8oXBXBdiTJ9RiKHxXxBkM0fL/Us+f5hRNME7PE/Od46i2dlYmWRSUHUl/ErdSGcc TJL9ltEQy4U= =Mr+8 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050428160022.GD10134>