From owner-p4-projects Tue Sep 24 20:25:43 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E036137B404; Tue, 24 Sep 2002 20:25:39 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9108337B401 for ; Tue, 24 Sep 2002 20:25:39 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3021F43E6E for ; Tue, 24 Sep 2002 20:25:39 -0700 (PDT) (envelope-from amigus@FreeBSD.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g8P3PdCo050483 for ; Tue, 24 Sep 2002 20:25:39 -0700 (PDT) (envelope-from amigus@FreeBSD.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g8P3PcYt050480 for perforce@freebsd.org; Tue, 24 Sep 2002 20:25:38 -0700 (PDT) Date: Tue, 24 Sep 2002 20:25:38 -0700 (PDT) Message-Id: <200209250325.g8P3PcYt050480@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to amigus@FreeBSD.org using -f From: Adam Migus Subject: PERFORCE change 18111 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18111 Change 18111 by amigus@amigus_ganymede on 2002/09/24 20:25:33 Tweak. Affected files ... .. //depot/projects/trustedbsd/misc/scripts/mac_boot.pl#4 edit .. //depot/projects/trustedbsd/misc/scripts/master_script.sh#2 edit .. //depot/projects/trustedbsd/misc/scripts/relabeluser#1 add .. //depot/projects/trustedbsd/misc/scripts/setup#1 add Differences ... ==== //depot/projects/trustedbsd/misc/scripts/mac_boot.pl#4 (text+ko) ==== @@ -63,14 +63,6 @@ print "Entering MAC/MLS boot script.\n"; -system ("passwd $CF_OPS{'so_username'}") -unless (-f $STATE_FILE); - -print "Labeling Security Officers files...\n" and -system ("/usr/local/sbin/mac_user_label.pl --directory /home/so". - "--file-label mls/high --run-label mls/equal") -unless (-f $STATE_FILE); - unless (-f $STATE_FILE) { print "Initializing filesystems for MAC/MLS...\n"; @@ -141,6 +133,14 @@ rename("/etc/fstab.update", "/etc/fstab"); } +system ("passwd $CF_OPS{'so_username'}") +unless (-f $STATE_FILE); + +print "Labeling Security Officers files...\n" and +system ("/usr/local/sbin/mac_user_label.pl --directory /home/so ". + "--file-label mls/high --run-label mls/equal") +unless (-f $STATE_FILE); + open(FH,">$STATE_FILE") || die "$program: cannot create $STATE_FILE: $!"; close (FH); ==== //depot/projects/trustedbsd/misc/scripts/master_script.sh#2 (text+ko) ==== @@ -31,7 +31,11 @@ install -m 555 -o root -g wheel mac_boot.pl /usr/local/sbin [ $? -ne 0 ] && echo "Error!" && exit 1 install -m 555 -o root -g wheel mac_default_label.pl /usr/local/sbin -touch /etc/.mac_installed +[ $? -ne 0 ] && echo "Error!" && exit 1 +install -m 555 -o root -g wheel mac_user_label.pl /usr/local/sbin +[ $? -ne 0 ] && echo "Error!" && exit 1 +install -m 555 -o root -g wheel relabeluser /usr/local/sbin +[ $? -ne 0 ] && echo "Error!" && exit 1 echo "Enabling boot program." mac_enable_boot.pl --etc-directory /etc \ @@ -49,17 +53,11 @@ [ $? -ne 0 ] && echo "Error!" && exit 1 mac_update_login_conf.pl --login-config-file /etc/login.conf \ - --user root \ + --user so \ --label "mls/low(low-high)" \ --tty-label "mls/low(low-high)" [ $? -ne 0 ] && echo "Error!" && exit 1 -mac_update_login_conf.pl --login-config-file /etc/login.conf \ - --user so \ - --label "mls/high(low-high)" \ - --tty-label "mls/high(low-high)" -[ $? -ne 0 ] && echo "Error!" && exit 1 - cap_mkdb /etc/login.conf [ $? -ne 0 ] && echo "Error!" && exit 1 @@ -67,3 +65,5 @@ mac_add_so_account.pl --username so --real-name "Security Officer" \ --shell /usr/local/bin/bash [ $? -ne 0 ] && echo "Error!" && exit 1 + +touch /etc/.mac_installed To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message