Re: make installworld, permissions and labels
--WBsA/oQW3eTA3LlM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
> On Thu, 28 Apr 2005 14:10:17 +0100
> markzero <mark@darklogik.org> wrote:
>=20
> > Just a quick question,
>=20
> Hey, I know you! You called me an asshole! But it was funny. :)
Hehe, sorry about that. I was young and stupid. ;)
It's a small world isn't it?
> Anyway Mark,
>=20
> > My system is quite heavily customised with regard to permissions
> > and MAC labels on system binaries. Is there any way to stop
> > make installworld resetting all my customisation? At the moment
> > I have a set of scripts to set permissions on everything but that's
> > not exactly ideal.
>=20
> You can create a /etc/policy.contexts file, see the Handbook
> for my example. Then read this in using the setfsmac(1)
> command. Then edit /etc/mac.conf, while this really doesn't
> prevent the clobbering, it makes a quick permission setup.
> I would think that easier than a script.
Sounds interesting, I'll give it a try. If it works I can simply
make my script do the above at the end to fix the labels (instead
of reinventing the wheel like it does at the moment).
> Though, I'll bring this up with some of the other TrustedBSD
> developers. There should be a better way, in my opinion.
Thanks, Tom. Out of interest, how is TrustedBSD coming along? I
don't track -CURRENT and even in -STABLE there are still warnings
about apropriateness for production use. I find it pretty much does
all that I require (even if setting it up isn't the most enjoyable
of procedures!) but I'm always interested to know how things are
progressing.
Thanks,
Mark
--=20
PGP: http://www.darklogik.org/pub/pgp/pgp.txt
B776 43DC 8A5D EAF9 2126 9A67 A7DA 390F DEFF 9DD1
--WBsA/oQW3eTA3LlM
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iQIVAwUBQnEIlafaOQ/e/53RAQr9OhAArl4nhOLwE7g7tzxXy2SkypMVJ3aTOTeg
5X+9lMXHgHo1NDcqWiK3ZyRaFC4WVPlaSMCBZXyjedsXdaKjxuydS8DuG8f4hSfx
9VLnogZ2RuLVm70mzOV6GY2SCdFeqU40/cP+0DXkw7cMtNw5RLpjrw+9Nb/z9Kee
r6E6aXy5XPdxdVnBZoRl9/M9pr3Ya7jHg32VRSBrgqMq6aO+O8m7V3oLUC+3ub7w
sjiBkTBE39eEtvUxtmsiVPm3pE7YFroNd8ytBYUBwMbjKS8rqEqR55dUspofZqoE
MWmXgy494UrhTPEY0POToIbQzCGhHf35Z13dek0qABjvTuNaQlREnWhvxfSofh2U
JMiqfRwwxtp89TyTD2Ia/QxMf+ccK+kO6QCk9pfP1uhWEws4uV9HcPF+UUm8/Gnj
/7U//tE28/utmXU3+DiHRzef3QzRBR1Swfn81bQN0RELlLWR4QFGoYlbaFpFWPU4
U+FglxXEEAeso3x8u51zjHfsLwuUMeHUPfbTwMxjkqxPFmf5zWgZwDqU3QOChRGF
LKzDGocmnIVL7d1ZHX1vUS5Gr7z/v29zvGXwkd+zCsZGpPdoTHfxGrZBujppFDYl
8oXBXBdiTJ9RiKHxXxBkM0fL/Us+f5hRNME7PE/Od46i2dlYmWRSUHUl/ErdSGcc
TJL9ltEQy4U=
=Mr+8
-----END PGP SIGNATURE-----
--WBsA/oQW3eTA3LlM--
討論串 (同標題文章)