Date: Sat, 6 Mar 2010 16:52:51 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Selphie Keller <selphie.keller@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: RE: mac_mls mac_biba mac_lomac patches to fix ptys_equal mib support for new /dev/pts in FreeBSD 8 Message-ID: <alpine.BSF.2.00.1003061650440.59375@fledge.watson.org> In-Reply-To: <EAB3F73201B9443D81524724BA9777FD@2WIRE304> References: <2BD4195B78BE4E4E9F4953B3196590E3@2WIRE304> <alpine.BSF.2.00.1003021120450.48144@fledge.watson.org> <EAB3F73201B9443D81524724BA9777FD@2WIRE304>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Mar 2010, Selphie Keller wrote: > - (2) Could you let me know how your login.conf + user labels are > configured, and show me the output of "ps -axZ | grep sshd"? > > /etc/login.conf label configurations I use > > Staff users: label=mls/2(low-high) > Deamons: label=mls/equal(equal-equal) > Insecure users: label=mls/low(low-low) > > If you need the exact data from login.conf I can provide it, but is a bit > tricky as I use tc= to call from one class to another class and override, in > which default class is mls/low. Am I right in thinking that you have security.mac.biba.revocation_enabled and/or security.mac.mls.revocation_enabled set? Revocation being enabled might explain why you're seeing this issue, but other users aren't reporting problems. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1003061650440.59375>