Date: Thu, 28 Apr 2005 17:00:22 +0100
From: markzero
To: Tom Rhodes
Cc: freebsd-security@freebsd.org
Subject: Re: make installworld, permissions and labels
Message-ID: <20050428160022.GD10134@logik.ath.cx>
In-Reply-To: <20050428113648.23d9b68b@mobile.pittgoth.com>

> On Thu, 28 Apr 2005 14:10:17 +0100
> markzero wrote:
>
> > Just a quick question,
>
> Hey, I know you! You called me an asshole! But it was funny. :)

Hehe, sorry about that. I was young and stupid. ;)
It's a small world isn't it?

> Anyway Mark,
>
> > My system is quite heavily customised with regard to permissions
> > and MAC labels on system binaries. Is there any way to stop
> > make installworld resetting all my customisation? At the moment
> > I have a set of scripts to set permissions on everything but that's
> > not exactly ideal.
>
> You can create a /etc/policy.contexts file, see the Handbook
> for my example. Then read this in using the setfsmac(1)
> command. Then edit /etc/mac.conf, while this really doesn't
> prevent the clobbering, it makes a quick permission setup.
> I would think that easier than a script.

Sounds interesting, I'll give it a try. If it works I can simply
make my script do the above at the end to fix the labels (instead
of reinventing the wheel like it does at the moment).

> Though, I'll bring this up with some of the other TrustedBSD
> developers. There should be a better way, in my opinion.

Thanks, Tom.
Out of interest, how is TrustedBSD coming along? I don't track
-CURRENT and even in -STABLE there are still warnings about
appropriateness for production use. I find it pretty much does all that
I require (even if setting it up isn't the most enjoyable of procedures!)
but I'm always interested to know how things are progressing.

Thanks,
Mark

-- 
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1