From owner-freebsd-security@FreeBSD.ORG  Wed Sep  3 00:10:01 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1BB0D16A4BF
	for <freebsd-security@freebsd.org>;
	Wed,  3 Sep 2003 00:10:01 -0700 (PDT)
Received: from plusmx2.polkomtel.com.pl (plusmx2.polkomtel.com.pl
	[212.2.96.52])	by mx1.FreeBSD.org (Postfix) with ESMTP id 869F043FEC
	for <freebsd-security@freebsd.org>;
	Wed,  3 Sep 2003 00:09:58 -0700 (PDT)
	(envelope-from jaroslaw.nozderko@polkomtel.com.pl)
Received: from mswwaw2.corp.plusnet (plus-96-119.polkomtel.com.pl
	[212.2.96.119])
	by plusmx2.polkomtel.com.pl (Postfix) with ESMTP id 8FA1957E13
	for <freebsd-security@freebsd.org>;
	Wed,  3 Sep 2003 09:09:56 +0200 (CEST)
Received: from E2K2.corp.plusnet (unverified) by mswwaw2.corp.plusnet
	<T64731fd65dc0a8011f69c@mswwaw2.corp.plusnet>;
	Wed, 3 Sep 2003 09:09:55 +0200
X-MIMEOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 3 Sep 2003 09:09:55 +0200
Message-ID: <2A857CE92C11FE40858689CAEC7BED4905558761@E2K2.corp.plusnet>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [Fwd: Warning: could not send message for past 4 hours]
Thread-Index: AcNxhMQpflTb5uO/QNq703l13+uo1wAZAjrg
From: =?iso-8859-2?Q?Jaros=B3aw_Nozderko?=
	<jaroslaw.nozderko@polkomtel.com.pl>
To: <freebsd-security@freebsd.org>
Subject: MAC problems
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Sep 2003 07:10:01 -0000

FreeBSD version: 5.1-RELEASE
=20
Hi,

 I'm quite new to FreeBSD. I've check list archives and=20
read a handbook, but I didn't find solution to my problem=20
and I hope this is not off-topic.
I've installed 5.1-RELEASE, enabled ACLs on the filesystems=20
and I wanted to test MAC features. I'm also new to MAC, so=20
perhaps this is some my mistake.
When I enable mac_biba or mac_lomac  (in loader.conf) without
any configuration, it seems to block networking:
=20
jarek@skorpion jarek> ping 192.168.65.100
PING 192.168.65.100 (192.168.65.100): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
ping: sendto: Permission denied
^C
--- 192.168.65.100 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

On the other side, when mac_mls is loaded, networking works,
but starting X server fails with message "Couldn't mmap /dev/vga"
(I don't see /dev/vga device regardless of MAC policy loaded)
=20
Is it normal, or is something wrong ?
Is any additional documentation about MAC available, more than
papers at http://www.trustedbsd.org ? I'd like to learn a bit more.
=20
Regards and thanks for any help,
Jarek