From owner-freebsd-hackers@FreeBSD.ORG  Sat Mar  6 16:52:52 2010
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6F22E106564A
	for <freebsd-hackers@freebsd.org>; Sat,  6 Mar 2010 16:52:52 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id 4922B8FC12
	for <freebsd-hackers@freebsd.org>; Sat,  6 Mar 2010 16:52:52 +0000 (UTC)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41])
	by cyrus.watson.org (Postfix) with ESMTPS id DD13F46B1A;
	Sat,  6 Mar 2010 11:52:51 -0500 (EST)
Date: Sat, 6 Mar 2010 16:52:51 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Selphie Keller <selphie.keller@gmail.com>
In-Reply-To: <EAB3F73201B9443D81524724BA9777FD@2WIRE304>
Message-ID: <alpine.BSF.2.00.1003061650440.59375@fledge.watson.org>
References: <2BD4195B78BE4E4E9F4953B3196590E3@2WIRE304>
	<alpine.BSF.2.00.1003021120450.48144@fledge.watson.org>
	<EAB3F73201B9443D81524724BA9777FD@2WIRE304>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-hackers@freebsd.org
Subject: RE: mac_mls mac_biba mac_lomac patches to fix ptys_equal mib support
 for new /dev/pts in FreeBSD 8
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Mar 2010 16:52:52 -0000


On Tue, 2 Mar 2010, Selphie Keller wrote:

> - (2) Could you let me know how your login.conf + user labels are
> configured, and show me the output of "ps -axZ | grep sshd"?
>
> /etc/login.conf label configurations I use
>
> Staff users: label=mls/2(low-high)
> Deamons: label=mls/equal(equal-equal)
> Insecure users: label=mls/low(low-low)
>
> If you need the exact data from login.conf I can provide it, but is a bit 
> tricky as I use tc= to call from one class to another class and override, in 
> which default class is mls/low.

Am I right in thinking that you have security.mac.biba.revocation_enabled 
and/or security.mac.mls.revocation_enabled set?  Revocation being enabled 
might explain why you're seeing this issue, but other users aren't reporting 
problems.

Robert N M Watson
Computer Laboratory
University of Cambridge