MAC issue on FBSD 9.1-RELEASE

ASV asv at
Sat Oct 26 09:56:14 UTC 2013

Hi David,

thanks for the reply.
Unfortunately in the past I've written to trustedbsd-discuss at
and they told me that that's supposed to be just a "playground" and due
to the fact that the trustedbsd framework has been officially ported
into FreeBSD, questions must go to freebsd-questions.

Now, I'm very disappointed because there's no way to get info about MAC.
Not only almost nobody seems to be knowing anything about how it works
which lead to the fact that for any issue you're pretty much on your
own. But the main problem here is to know more about the status of the
If I've an issue I cannot figure out if it's caused by my mistake or
it's just a bug. And configurations that worked for a while (like in my
specific case) suddenly cease to work because I've patched the kernel
(and not in a custom way but via freebsd-update)!

My point is: why the heck this functionality is built-in if is abandoned
(is it?)?
If they don't keep maintaining/fixing/improving it and it's also
considered "experimental" according to the man pages, why is in the main
Wouldn't be better to get rid of something which is kind of a
'blackhole' instead of keeping it in such a state just to say that "we
have it"?

I really hope to spark a little discussion about it.
Thanks a lot to whoever would like to reply to me in any way.

On Fri, 2013-10-25 at 10:23 -0500, David Noel wrote:
> > I'm wondering if something have been changed regarding MAC on FreeBSD
> > 9.1-RELEASE. Since I've executed freebsd-update basically updating from
> > the first release to the p7, I cannot longer login with my restricted
> > accounts.
> > I always get:
> >
> >> _secure_path: cannot stat /home/macuser/.login_conf: Permission denied
> >> login: LOGIN macuser REFUSED (HOMEDIR) ON TTY ttyv1
> >
> > and on the login screen (user tty) I get:
> >
> >> login: Could not determine audit condition
> >
> > no matter if the file is there or not, neither which DAC/MAC permissions
> > are there, no matter if I disable the ":requirehome:" and the
> > ":ttys.allow:" directives on login.conf. Not even relabling the entire
> > FS helped.
> >
> > I've spent several hours now to figure out but at this point seems to me
> > that the update screwed everything up somehow.
> > Does anyone have any idea of what's going on? Any input would be REALLY
> > appreciated.
> I've had my fair share of troubles with FreeBSD's MAC and
> unfortunately wound up just disabling it entirely. While I don't have
> a solution to your specific problem I would suggest cc'ing
> trustedbsd-discuss at You *may* find someone there who could
> help, though the last time I tried to hail anyone on it it was all but
> dead.
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list