capabilities impletementation?
Robert Watson
rwatson at FreeBSD.org
Mon Dec 5 11:05:21 GMT 2005
On Fri, 2 Dec 2005, netpython wrote:
> What about the MAC system?
>
> I have plenty of time to test some variants of settings on x86_64.If only
> there would be more documentary available. furthermore i really don't know
> whom to turn to with error messages and i have plenty of them (even more
> questions).
>
> like:
>
> exec /sbin/init error 13
> exec /stand/sysinstall error 13
> exec /dev/devfs error 13
> init not found in path
>
> problems with: /usr/libexec/getty and /usr/X11R6/bin/xdm
Error 13 is EACCES, which is the error code returned by mandatory policies
when you can name an object but the MAC policy does not permit requested read
or write permission. If you're seeing the above, the details depend on the
policy you're running with, but the chances are either the files are not
labeled for access, or a configurable policy has a problem. For example, the
above might occur if the root file system labels init as low-integrit.
Robert N M Watson
>
>
>
> regards,
>
> Peter
>
> On 12/2/05, Yanjun Wu <yanjun03 at ios.cn> wrote:
>>
>> My approach is: Fetch the SEBSD source from the current perforce deposit, and
>> move it FreeBSD6.0; whenever there is a conflict, try to meet FreeBSD6.0
>> first. Now I have made the FreeBSD6.0 source with SEBSD compilable and
>> bootable.
>> However, there are many bugs remains. For example, to make things compilable
>> before I get clear understand about devfs, I drop the "fullpath" parameter of
>> the create_devfs_directory and create_devfs_directory, then try to get the
>> path of dev inside the entry points. Later I found the directory /dev/fd/ is
>> not correctly labeled. It is labeled as device_t instead of the correct
>> removable_device_t. But the files 0, 1, 2 are label correctly with
>> removable_device_t.
>> Here I attached the sebsd.c.diff to show my small changes against the current
>> sebsd.c in SEBSD perforce deposit. Any suggestions are appriciated.
>>
>>
>> On Wednesday 30 November 2005 16:12, Dingo wrote:
>>> seems like you and I are duplicating efforts, maybe as robert suggested
>>> we might want to do this as a team effort, might go faster. he mentioned
>>> Scott Long possibly giving some guidance and using the perforce tree to
>>> do the work in. you want to drop me a snapshot tar or cvs export and ill
>>> diff what ive done against what you have. Robert/Scott you guys want to
>>> push us forward a bit? i know the cap issue is there, maybe we can all
>>> tackle this together as Robert suggested
>>>
>>> On Tue, 2005-11-29 at 12:17 +0000, Yanjun Wu wrote:
>>>> I have written "SEBSD Getting Started HOWTO" for the past Google Summer
>>>> of Code. The PDF version is attached. Hope it useful for anyone who would
>>>> like to involve SEBSD development and test.
>>>> Now I am trying to merge SEBSD into FreeBSD 6.0 Release in my local
>>>> machine. Most of things in current SEBSD branch seems OK to directly port
>>>> to FreeBSD 6.0R, except for create_devfs_xxx and mount related
>>>> entrypoints Robert had mentioned before.
>>>
>>> To Unsubscribe: send mail to majordomo at trustedbsd.org
>>> with "unsubscribe trustedbsd-discuss" in the body of the message
>>
>>
>>
> To Unsubscribe: send mail to majordomo at trustedbsd.org
> with "unsubscribe trustedbsd-discuss" in the body of the message
>
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list