From owner-freebsd-security@FreeBSD.ORG  Wed Mar 16 06:54:23 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B9F8D16A4CE; Wed, 16 Mar 2005 06:54:23 +0000 (GMT)
Received: from ivc-i.dp.uz.gov.ua (ivc-i.dp.uz.gov.ua [212.1.84.107])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id E871643D39; Wed, 16 Mar 2005 06:54:21 +0000 (GMT)
	(envelope-from o.palij@dp.uz.gov.ua)
Received: from s4dnepr.dp.uz.gov.ua ([10.6.105.15])
	by ivc-i.dp.uz.gov.ua (8.12.11/8.12.11) with ESMTP id j2G6sE6Z022528;
	Wed, 16 Mar 2005 08:54:19 +0200
Received: from dp.uz.gov.ua ([10.6.105.74])
          by s4dnepr.dp.uz.gov.ua (Lotus Domino Release 5.0.10)
          with ESMTP id 2005031608541395:7311 ;
          Wed, 16 Mar 2005 08:54:13 +0200 
Date: Wed, 16 Mar 2005 08:54:13 +0200
From: Oleg Palij <o.palij@dp.uz.gov.ua>
To: csjp@FreeBSD.ORG
Message-ID: <20050316085413.2cb4ec3c@iscmpd-oleg.dp.uz.gov.ua>
Organization: Pridn railway
X-Mailer: Sylpheed-Claws 1.0.0 (GTK+ 1.2.10; i386-portbld-freebsd5.3)
Mime-Version: 1.0
X-MIMETrack: Itemize by SMTP Server on s4dnepr/DNEPR/UKRZAL(Release 5.0.10
	|March 22, 2002) at 03/16/2005 08:54:14 AM,2002) at
	03/16/2005 08:54:19 AM,	Serialize complete at 03/16/2005 08:54:19 AM
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Virus-Scanned: clamd / ClamAV version 0.75, clamav-milter version 0.75
	on ivc-i
X-Virus-Status: Clean
cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD trusted execution system: beta testers wanted
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2005 06:54:23 -0000

Hi!

Thanks for developing such interesting feature :) !

But I have some problems, which I cant understand.

# sysctl security.mac.chkexec.enforce=0 
security.mac.chkexec.enforce: 1 -> 0

# setfhash /usr/local/sbin/logrotate
# getfhash /usr/local/sbin/logrotate
/usr/local/sbin/logrotate: sha1 78513a038cd9416f2be710b6732369b96874b364

# sysctl security.mac.chkexec.enforce=1 
security.mac.chkexec.enforce: 0 -> 1

# /usr/local/sbin/logrotate
bash: /usr/local/sbin/logrotate: Operation not permitted

# getfhash /usr/local/sbin/logrotate 
/usr/local/sbin/logrotate: sha1 78513a038cd9416f2be710b6732369b96874b364

How can I see what exactly goes wrong ???

Oleg.