Date: Wed, 12 Feb 2014 12:50:40 +0100 From: Borja Marcos <borjam@sarenet.es> To: Andreas Jonsson <andreas@romab.com> Cc: freebsd-security@freebsd.org Subject: Re: Proposal: tunable default/init label for MAC policies Message-ID: <43E2DE29-2349-4734-9E90-081EA5373406@sarenet.es> In-Reply-To: <52FA5D7D.9010402@romab.com> References: <5C244CC2-A0D5-43B9-BA30-6B54E02F1C0F@sarenet.es> <52FA5D7D.9010402@romab.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 11, 2014, at 6:27 PM, Andreas Jonsson wrote: > Hi list, > I think that being able to set the MAC process label from rc.conf = would > be a better and more flexible way of moving forward, so that modifying > rc-scripts everywhere would be unnecessary. For a "default" label, I think the right place is a tunable which can = only be changed from loader.conf, and can't be changed while the system is running. Something different, of course, would be the option to assign a certain = label to a service, with a variable such as "apache24_maclabel" set in = rc.conf. That would be great as well, but it's an entirely different issue imho. ;) Borja.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43E2DE29-2349-4734-9E90-081EA5373406>