From: Tom Rhodes
Date: Fri, 17 May 2013 17:26:21 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-projects@freebsd.org
Subject: svn commit: r41640 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/mac

Author: trhodes
Date: Fri May 17 17:26:20 2013
New Revision: 41640
URL: http://svnweb.freebsd.org/changeset/doc/41640

Log:
  Whitespace love after previous commit.

Modified:
  projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/mac/chapter.xml

Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/mac/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/mac/chapter.xml Fri May 17 16:02:26 2013 (r41639)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/mac/chapter.xml Fri May 17 17:26:20 2013 (r41640)
@@ -1809,134 +1809,135 @@ setpmac biba/10\(10-10\) /usr/local/etc/ - The flag does not stay - enabled on my root (/) partition! + The flag does not stay + enabled on my root (/) partition! - The following steps may resolve this transient - error: + The following steps may resolve this transient + error: - - - Edit /etc/fstab and set the root - partition to for read-only. - - - - Reboot into single user mode. - + + + Edit /etc/fstab and set the root + partition to for read-only. + + + + Reboot into single user mode. + - - Run tunefs + - - Reboot the system. - - - - Run mount - / and change the - back to in - /etc/fstab and reboot the system - again. - - - - Double-check the output from - mount to ensure that - has been properly set on the - root file system. - - - - - - After establishing a secure environment with - MAC, I am no longer able to start - Xorg! - - This could be caused by the MAC - partition policy or by a mislabeling in - one of the MAC labeling policies. To - debug, try the following: - - - - Check the error message; if the user is in the - insecure class, the - partition policy may be the culprit. - Try setting the user's class back to the - default class and rebuild the database - with cap_mkdb. If this does not - alleviate the problem, go to step two. - - - - Double-check the label policies. Ensure that the - policies are set correctly for the user, the Xorg - application, and the /dev entries. - - - - If neither of these resolve the problem, send the - error message and a description of the environment to - the &a.questions; mailing list. - - - - - - The error: _secure_path: unable to stat .login_conf shows up. - - When a user attempts to switch from the - root user to another user in the system, - the error message _secure_path: unable to stat + + Reboot the system. + + + + Run mount + / and change the + back to in + /etc/fstab and reboot the system + again. 
+ + + + Double-check the output from + mount to ensure that + has been properly set on the + root file system. + + + + + + After establishing a secure environment with + MAC, I am no longer able to start + Xorg! + + This could be caused by the MAC + partition policy or by a mislabeling in + one of the MAC labeling policies. To + debug, try the following: + + + + Check the error message; if the user is in the + insecure class, the + partition policy may be the culprit. + Try setting the user's class back to the + default class and rebuild the database + with cap_mkdb. If this does not + alleviate the problem, go to step two. + + + + Double-check the label policies. Ensure that the + policies are set correctly for the user, the Xorg + application, and the /dev entries. + + + + If neither of these resolve the problem, send the + error message and a description of the environment to + the &a.questions; mailing list. + + + + + + The error: _secure_path: unable to stat + .login_conf shows up. + + When a user attempts to switch from the + root user to another user in the system, + the error message _secure_path: unable to stat .login_conf appears. - This message is usually shown when the user has a higher - label setting than that of the user they are attempting to - become. For instance, joe has a default - label of . The - root user, who has a label of - , cannot view - joe's home directory. This will happen - whether or not root has used - su to become joe as - the Biba integrity model will not permit - root to view objects set at a lower - integrity level. - - - - The system no longer recognizes the - root user. - - In normal or even single user mode, the - root is not recognized, - whoami returns 0 (zero), and - su returns who are + This message is usually shown when the user has a higher + label setting than that of the user they are attempting to + become. For instance, joe has a default + label of . 
The + root user, who has a label of + , cannot view + joe's home directory. This will happen + whether or not root has used + su to become joe as + the Biba integrity model will not permit + root to view objects set at a lower + integrity level. + + + + The system no longer recognizes the + root user. + + In normal or even single user mode, the + root is not recognized, + whoami returns 0 (zero), and + su returns who are you?. - This can happen if a labeling policy has been disabled, - either by a &man.sysctl.8; or the policy module was unloaded. - If the policy is disabled, the login capabilities database - needs to be reconfigured with removed. - Double check login.conf to ensure that - all options have been removed and - rebuild the database with cap_mkdb. - - This may also happen if a policy restricts access to - master.passwd. This is usually caused by - an administrator altering the file under a label which - conflicts with the general policy being used by the system. - In these cases, the user information would be read by the - system and access would be blocked as the file has inherited - the new label. Disable the policy using &man.sysctl.8; and - everything should return to normal. - - + This can happen if a labeling policy has been disabled, + either by a &man.sysctl.8; or the policy module was unloaded. + If the policy is disabled, the login capabilities database + needs to be reconfigured with removed. + Double check login.conf to ensure that + all options have been removed and + rebuild the database with cap_mkdb. + + This may also happen if a policy restricts access to + master.passwd. This is usually caused by + an administrator altering the file under a label which + conflicts with the general policy being used by the system. + In these cases, the user information would be read by the + system and access would be blocked as the file has inherited + the new label. Disable the policy using &man.sysctl.8; and + everything should return to normal. + +
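Review bot: The question title "The error: _secure_path: unable to stat .login_conf shows up." is now wrapped in the middle of the literal error string, which is why the hunk grows from 134 to 135 lines in a commit logged as whitespace-only. Keep "_secure_path: unable to stat .login_conf" on a single line, even if that line runs long, so the message can be found by searching the source for the exact text a user sees; the same applies to "who are you?" further down, which is also split across lines. Separately, and for a follow-up content commit rather than this one: the last paragraph ends at "Disable the policy using &man.sysctl.8; and everything should return to normal" without saying to correct the label on master.passwd and re-enable the policy, so a reader who follows it is left running with the MAC policy off.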