Date: Wed, 17 Nov 2004 10:33:44 +0000 (GMT) From: Robert Watson <rwatson@freebsd.org> To: Peter Harmsen <pharmsen@horizon.nl> Cc: freebsd-questions@freebsd.org Subject: Re: MAC Message-ID: <Pine.NEB.3.96L.1041117103151.59721E-100000@fledge.watson.org> In-Reply-To: <20041116074333.49a47749@tobaccofarm.concepts.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 16 Nov 2004, Peter Harmsen wrote: > I'm trying to implement a Mandatory Access Controll setup, just like the > one in the example of the FreeBSD handbook:15.14 Implementing a Secure > Environment with MAC".The graphics card setup itself is very straight > forward and didn't cause any problem(s).When i run "startx" i get the > following mesage:xf86Vidmem:Address 0xde601000 outside allowed range. > This must be a configure / policy error.What keeps me busy is the spot > where to change or add something in order to increase the allowable > memory range which is clearly regulated to much for getting xfree86 to > work ( with MAC,without it's a nobrainer) What policies are you currently enabling in your kernel? Some of them will limit access to device drivers, which may prevent X11 from accessing the devices, resulting in errors that are sometimes difficult to debug (for example, for several years, XFree86 would incorrectly report that access to /dev/vga was denied, when it was actually /dev/io -- /dev/vga doesn't even exist on FreeBSD). You may find ktrace helpful in debugging this, as it will allow you to trace the system calls in the binary and see where things go wrong. Support for Audit, the tracing of security-related events, is currently being worked on, but it may be a release or two before it's ready for use. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1041117103151.59721E-100000>