[Bug 290140] mdo(1) and mac_do(4) not working on 15ALPHA5

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 290140] mdo(1) and mac_do(4) not working on 15ALPHA5"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Oct 2025 19:11:42 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290140

--- Comment #3 from 0x1eef@protonmail.com ---
> The new syntax seems to work if you use quotation mark or escape 
> the > in the rule. But I get the same error when running the mdo command.

You're right :) I can confirm the same. Thanks. 

It was silly of me to not realize > would have special meaning in the shell but
I'm also not sure using a character that carries special meaning in the shell
is the best of ideas. ':' seemed to be less error prone. 

This is where things stand for me:

root@orca:~ # sysctl security.mac.do.rules='uid=1001>uid=0,gid=0'
security.mac.do.rules: uid=1001:uid=0,gid=0 -> uid=1001>uid=0,gid=0

0x1eef at orca.home.network [~] % mdo -u root ls
mdo: setcred(): Operation not permitted

0x1eef at orca.home.network [~] % id   
uid=1001(0x1eef) gid=1001(0x1eef)
groups=0(wheel),1001(0x1eef),1002(_sourcezap),1003(_portzap)

-- 
You are receiving this mail because:
You are the assignee for the bug.