Date: Thu, 11 Jul 2024 01:22:00 +0200
From: Christian Weisgerber <naddy@mips.inka.de>
To: freebsd-stable@freebsd.org
Subject: mac_do: gid rule fails
Message-ID: <Zo8XmHe-95wOuy1n@lorvorc.mips.inka.de>

I noticed that mac_do(4) and mdo(1) were recently added to 14-STABLE
and decided to give them a try.

A UID-based rule works:

$ sysctl security.mac.do
security.mac.do.rules: uid=1000:any
security.mac.do.enabled: 1
$ id -u
1000
$ mdo id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

However, a GID rule fails:

$ sysctl security.mac.do.rules
security.mac.do.rules: gid=1000:any
$ id -g
1000
$ mdo id
mdo: failed to call setuid: Operation not permitted

Is that a misunderstanding on my part, am I doing something wrong,
or is there a bug?

14.1-STABLE as of e729e750806d3873d5de24cce3b47cc054145985.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de