docs/148984: Mistake in section 16.15.4 of the handbook

Thomas BRETHOME thomas.brethome at c-s.fr
Tue Jul 27 07:20:02 UTC 2010


>Number:         148984
>Category:       docs
>Synopsis:       Mistake in section 16.15.4 of the handbook
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 27 07:20:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Thomas BRETHOME
>Release:        8.1
>Organization:
CS
>Environment:
>Description:
The example file /etc/policy.contexts (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-implementing.html) appears to be bad or outdated; the policy isn't applied correctly by setfsmac.
>How-To-Repeat:

>Fix:
The example file should be replaced by something like:

---
# This is the default BIBA policy for this system.

# System:
/var/run                         biba/equal
/var/run/.*                      biba/equal

/dev                             biba/equal
/dev/.*                          biba/equal

/var                             biba/equal
/var/spool                       biba/equal
/var/spool/.*                    biba/equal

/var/log                         biba/equal
/var/log/.*                      biba/equal

/tmp                             biba/equal
/tmp/.*                          biba/equal
/var/tmp                         biba/equal
/var/tmp/.*                      biba/equal

/var/spool/mqueue                biba/equal
/var/spool/clientmqueue          biba/equal

# For Nagios:
/usr/local/etc/nagios            biba/10
/usr/local/etc/nagios/.*         biba/10

/var/spool/nagios                biba/10
/var/spool/nagios/.*             biba/10

# For apache
/usr/local/etc/apache            biba/10
/usr/local/etc/apache/.*         biba/10

---

Or (less verbose):
---

# This is the default BIBA policy for this system.

# System:
/var/run(/.*)?                      biba/equal

/dev(/.*)?                          biba/equal

/var                                biba/equal
/var/spool(/.*)?                    biba/equal

/var/log(/.*)?                      biba/equal

/tmp(/.*)?                          biba/equal
/var/tmp(/.*)?                      biba/equal

/var/spool/mqueue                   biba/equal
/var/spool/clientmqueue             biba/equal

# For Nagios:
/usr/local/etc/nagios(/.*)?         biba/10

/var/spool/nagios(/.*)?             biba/10

# For apache
/usr/local/etc/apache(/.*)?         biba/10

---

>Release-Note:
>Audit-Trail:
>Unformatted:
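
An added example, not part of the original report or of FreeBSD's own code: a Python model of how spec lines like the ones above map paths to labels, used to check that the verbose and compact forms agree and to list paths that no entry covers. It assumes each regex must match the whole path and that the last matching entry wins, and it uses Python's `re` in place of the system regex library; the sample paths are constructed.

```python
import re

# Excerpts of the two spec files proposed above (subset, same order as on the page).
VERBOSE = """
/var/run                 biba/equal
/var/run/.*              biba/equal
/var                     biba/equal
/var/spool               biba/equal
/var/spool/.*            biba/equal
/var/spool/nagios        biba/10
/var/spool/nagios/.*     biba/10
"""
COMPACT = """
/var/run(/.*)?           biba/equal
/var                     biba/equal
/var/spool(/.*)?         biba/equal
/var/spool/nagios(/.*)?  biba/10
"""
# Constructed sample paths, not taken from a real system.
SAMPLE_PATHS = ["/var", "/var/run", "/var/run/cron.pid", "/var/spool",
                "/var/spool/mqueue", "/var/spool/nagios",
                "/var/spool/nagios/status.dat", "/var/db/pkg", "/etc/passwd"]

def parse_spec(text):
    """Return [(compiled_regex, label)] in file order; skip blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 2:
            # Assumption: first field is the regex, last field is the label.
            entries.append((re.compile(fields[0]), fields[-1]))
    return entries

def label_for(entries, path):
    """Assumptions: whole-path (anchored) match, last matching entry wins."""
    label = None
    for regex, candidate in entries:
        if regex.fullmatch(path):
            label = candidate
    return label

def compare(spec_a, spec_b, paths):
    """Return (paths labelled differently, paths no entry in spec_a covers)."""
    a, b = parse_spec(spec_a), parse_spec(spec_b)
    differ = [p for p in paths if label_for(a, p) != label_for(b, p)]
    unlabeled = [p for p in paths if label_for(a, p) is None]
    return differ, unlabeled
```

Calling `compare(VERBOSE, COMPACT, SAMPLE_PATHS)` shows the two forms agree on every sample path, and that `/var/db/pkg` is left uncovered because `/var` is listed without a `/.*` companion.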