From owner-p4-projects@FreeBSD.ORG Thu Dec 1 21:49:56 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1557E16A422; Thu, 1 Dec 2005 21:49:56 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B49AE16A41F for ; Thu, 1 Dec 2005 21:49:55 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4DFF143D99 for ; Thu, 1 Dec 2005 21:49:48 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id jB1LnZFL085772 for ; Thu, 1 Dec 2005 21:49:35 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id jB1LnZd3085769 for perforce@freebsd.org; Thu, 1 Dec 2005 21:49:35 GMT (envelope-from millert@freebsd.org) Date: Thu, 1 Dec 2005 21:49:35 GMT Message-Id: <200512012149.jB1LnZd3085769@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 87612 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Dec 2005 21:49:56 -0000 http://perforce.freebsd.org/chv.cgi?CH=87612 Change 87612 by millert@millert_g4tower on 2005/12/01 21:48:52 Add a failsafe context of user_r:user_d so users not explicitly listed in the users file will still be able to login and have a sensible context. Also avoid duplicates of things in the policy dir that live in /etc/sedarwin proper. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/excludes#1 add .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/failsafe_context#1 add Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#5 (text+ko) ==== @@ -21,7 +21,7 @@ m4 -Imacros -s rules > rules.m4 fc.out: fc - sudo /Users/andrew/setfsmac -x -t -s fc /bin > fc.out + sudo ../../darwin/mac_cmds/setfsmac/setfsmac -x -t -s fc /bin > fc.out genfs: fc.out cat fc.out | sed -ne 's/^\/[a-zA-Z0-9\/\.]* *[^ ]*$$/genfscon hfs &/p' > genfs @@ -36,8 +36,9 @@ install: $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 ${POLICY} ${DESTDIR} $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 sebsd_migscs ${DESTDIR} + $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 700 ${SCRIPTS} ${DESTDIR}/private/etc/sedarwin - (cd $(CURDIR)/..; tar -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/; tar -xf -) + (cd $(CURDIR)/..; tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/; tar -xf -) cp -f Makefile.install $(DESTDIR)/private/etc/sedarwin/policy/Makefile # Mig security classes and access vectors