From owner-p4-projects Thu Aug 15 6:52:42 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 237E137B401; Thu, 15 Aug 2002 06:52:37 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 05BF637B400 for ; Thu, 15 Aug 2002 06:52:36 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B525E43E65 for ; Thu, 15 Aug 2002 06:52:35 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7FDqZJU033735 for ; Thu, 15 Aug 2002 06:52:35 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7FDqZrE033732 for perforce@freebsd.org; Thu, 15 Aug 2002 06:52:35 -0700 (PDT) Date: Thu, 15 Aug 2002 06:52:35 -0700 (PDT) Message-Id: <200208151352.g7FDqZrE033732@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 16021 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16021 Change 16021 by rwatson@rwatson_tislabs on 2002/08/15 06:52:30 Modify diskless mount so that it unmounts and remounts md UFS1 file systems when enabling labeling -- this will prevent cached mount labels from interfering with retrieving labels now available via EAs. This assumes UFS_EXTATTR_AUTOSTART. Affected files ... .. //depot/projects/trustedbsd/mac/etc/rc.diskless2#26 edit Differences ... ==== //depot/projects/trustedbsd/mac/etc/rc.diskless2#26 (text+ko) ==== @@ -46,15 +46,20 @@ /sbin/mount /dev/md$3c $2 } +# Enable label support on a UFS1 md file system +# $1 = mountpoint +# $2 = md device +# XXX: Assumes auto-start multilabel_md() { labelsize=`/sbin/sysctl -n security.mac.label_size` /bin/mkdir -p $1/.attribute/system /usr/sbin/extattrctl initattr -f -p $1 ${labelsize} \ $1/.attribute/system/freebsd.mac - /usr/sbin/extattrctl start $1 - /usr/sbin/extattrctl enable $1 system freebsd.mac \ - $1/.attribute/system/freebsd.mac - /sbin/mount -u -o multilabel $1 + #/usr/sbin/extattrctl start $1 + #/usr/sbin/extattrctl enable $1 system freebsd.mac \ + # $1/.attribute/system/freebsd.mac + /sbin/umount $1 + /sbin/mount -o multilabel /dev/md$2c $1 } # If there is a global system configuration file, suck it in. @@ -71,7 +76,7 @@ # If running with MAC support, must configure labeling for /var if sysctl security.mac > /dev/null 2>& 1 ; then - multilabel_md /var + multilabel_md /var 1 fi echo "+++ populate /var using /etc/mtree/BSD.var.dist" @@ -125,7 +130,7 @@ # If running with MAC support, must appropriately label /tmp if sysctl security.mac > /dev/null 2>& 1 ; then - multilabel_md /tmp + multilabel_md /tmp 2 /usr/sbin/setfmac biba/equal,mls/equal,te/equal /tmp fi fi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message