From owner-freebsd-hackers@FreeBSD.ORG  Tue Mar 29 22:45:55 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3FD4B16A4CE
	for <hackers@freebsd.org>; Tue, 29 Mar 2005 22:45:55 +0000 (GMT)
Received: from geri.cc.fer.hr (geri.cc.fer.hr [161.53.72.121])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7556D43D46
	for <hackers@freebsd.org>; Tue, 29 Mar 2005 22:45:54 +0000 (GMT)
	(envelope-from ivoras@geri.cc.fer.hr)
Received: from geri.cc.fer.hr (localhost.cc.fer.hr [127.0.0.1])
	by geri.cc.fer.hr (8.13.1/8.13.1) with ESMTP id j2TMjlFt007909
	for <hackers@freebsd.org>; Wed, 30 Mar 2005 00:45:47 +0200 (CEST)
	(envelope-from ivoras@geri.cc.fer.hr)
Received: from localhost (ivoras@localhost)
	by geri.cc.fer.hr (8.13.1/8.13.1/Submit) with ESMTP id j2TMjl6g007906
	for <hackers@freebsd.org>; Wed, 30 Mar 2005 00:45:47 +0200 (CEST)
	(envelope-from ivoras@geri.cc.fer.hr)
Date: Wed, 30 Mar 2005 00:45:47 +0200 (CEST)
From: Ivan Voras <ivoras@geri.cc.fer.hr>
To: hackers@freebsd.org
Message-ID: <20050330003901.H7826@geri.cc.fer.hr>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Mailman-Approved-At: Wed, 30 Mar 2005 13:10:27 +0000
Subject: MAC (was: A few thoughts...)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2005 22:45:55 -0000

In the thread ("A few thoughts..") some problems were mentioned 
(disallowing users to start certain binaries) and some solutions (like 
putting the /home tree on a dedicated partition and using mount options). 
I'm interested could this be done with MAC, and how? There's not much 
documentation on *using* FreeBSD MAC capabilities (or I've just 
had no luck finding it), so could anyone give some examples, for this 
particular case?

(The above thing can be done with SELinux MAC implementation)


-- 
Every sufficiently advanced magic is indistinguishable from technology
    - Arthur C Anticlarke