Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 10 Mar 2006 23:19:35 +0000
From:      Thomas Sparrevohn <Thomas.Sparrevohn@btinternet.com>
To:        trustedbsd-discuss@freebsd.org
Subject:   Re: question about MAC policy modules on 6.0
Message-ID:  <200603102319.36529.Thomas.Sparrevohn@btinternet.com>
In-Reply-To: <20060309140712.L13591@fledge.watson.org>
References:  <20060308.015844.98687889.hrs@allbsd.org> <20060309140712.L13591@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thursday 09 March 2006 14:09, Robert Watson wrote:
> On Wed, 8 Mar 2006, Hiroki Sato wrote:
> > 4) mount_ufs(8) multilabel option
> >
> >  mount_ufs(8) has multilabel option for the MAC label, but it
> >  seems broken ("tunefs -l enable" works, though).  I am not sure
> >  the attached patch (the second one) is correct, but it should
> >  fix this.
>

Just for the record the "mutilabel" option in fstab works in 7.0 - maybe it 
was missed in one of the MFC? 

> It's been a while since I've looked at this code, and have not had a chance
> to test your patch as yet.  The desired behavior is that mount be able to
> report that multilabel is set on the file system, and request that it be
> set when mounting the file system, but that the flag cannot be changed
> while running. The cache model on vnode labels basically means we assume
> the underlying label storage won't change except through the supported MAC
> APIs, and the mechanisms are not in place to walk the current vnode list to
> re-synchronize if the backing store changes (i.e., is enabled).  So as long
> as your patch doesn't add the ability to modify the flag at run-time, it
> sounds good to me.  In principle the kernel shouldn't allow it regardless
> of what mount requests, of course.
>
> Robert N M Watson
> _______________________________________________
> trustedbsd-discuss@FreeBSD.org mailing list
> http://lists.freebsd.org/mailman/listinfo/trustedbsd-discuss
> To unsubscribe, send any mail to
> "trustedbsd-discuss-unsubscribe@FreeBSD.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603102319.36529.Thomas.Sparrevohn>