PERFORCE change 52372 for review

Andrew Reisse areisse at FreeBSD.org
Thu May 6 19:35:03 GMT 2004


http://perforce.freebsd.org/chv.cgi?CH=52372

Change 52372 by areisse at areisse_ibook on 2004/05/06 12:34:35

	clean up usage section

Affected files ...

.. //depot/projects/trustedbsd/sedarwin73/README#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin73/README#4 (text+ko) ====

@@ -35,16 +35,20 @@
 Usage:
 Following the build instructions will yield a system with sedarwin installed,
 and the sample TE policy configured. To test some functionality, enable
-enforcing mode (by default, the TE module runs in permissive mode, logging
-access control failures but not enforcing them) and set some file labels:
+enforcing mode by running "sudo nvram kenv_sebsd_enforce=1" from the shell
+(by default, the TE module runs in permissive mode, logging
+access control failures but not enforcing them) and set some file labels.
+TE labels are of the form user:role:type. When passed to or from the
+system, labels begin with the name of the policy module (in this case, 
+sebsd). Objects use the object_r "role".
+
 $ getpmac
 sebsd/andrew:user_r:user_d
-(TE labels are of the form user:role:type. The sebsd/ indicates that the
-label is for the sebsd policy module. Objects use the object_r "role".)
 $ touch test_readonly
 $ setfmac sebsd/andrew:object_r:readonly_t test_readonly
 $ echo > test_readonly
 test_readonly: Permission denied
+
 $ touch test_secret
 $ setfmac sebsd/andrew:object_r:secret_t test_secret
 $ cat test_secret
@@ -56,7 +60,9 @@
 sebsd/andrew:user_r:protected_d
 2$ echo $$
 700
-In the original shell,
+Back in the original shell,
+$ getpmac
+sebsd/andrew:user_r:user_d
 $ kill 700
 -bash: kill (700) - Operation not permitted
 $
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message



More information about the trustedbsd-cvs mailing list