Date: Mon, 23 Sep 2002 15:28:50 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 18021 for review Message-ID: <200209232228.g8NMSoYm053838@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18021 Change 18021 by rwatson@rwatson_tislabs on 2002/09/23 15:28:05 Further tweaks on instructions and labels to use with XFree86 and MLS. Affected files ... .. //depot/projects/trustedbsd/misc/demo-20020725/x11_with_mls.txt#2 edit Differences ... ==== //depot/projects/trustedbsd/misc/demo-20020725/x11_with_mls.txt#2 (text+ko) ==== @@ -1,12 +1,13 @@ Labeling requirements: -(1) /dev/mem and /dev/kmem must be read-write for the X server. Errors - mmap'ing these devices will be reported as errors mmap'ing /dev/vga, - for reasons unknown to me and possibly known only to the authors - of XFree86. To work around this on a system where the security - issues associated with the work-around are not a problem, use: +(1) /dev/mem, /dev/kmem, /dev/io, /dev/ttyv8, and /dev/sysmouse must be + read-write for the X server. Errors mmap'ing these devices will be + reported as errors mmap'ing /dev/vga, for reasons unknown to me and + possibly known only to the authors of XFree86. To work around this + on a system where the security issues associated with the work-around + are not a problem, use: - setfmac mls/equal /dev/mem /dev/kmem + setfmac mls/equal /dev/mem /dev/kmem /dev/io /dev/ttyv8 /dev/sysmouse Note: this will bypass MLS protection of the devices, and is not a good idea. @@ -22,14 +23,9 @@ Some applications may also require /tmp/.ICE-unix which should be similarly labeled. -(3) XFree86 maintains logfiles in /var/log. Generation of these - logfiles must be pointed at a directory writable by the X - server. At lack of this, /var/log may also be changed to - an MLS bypass label: +(3) XFree86 maintains logfiles in /var/log. Either point X11 at + a per-label/user directory for logging, or disable logging by + creating a symlink from /var/log/XFree86.0.log to /dev/null. + - setfmac mls/equal /var/log - Note that the X server may fail to rotate previous logs because - it attempts to rename these files. A better tactic is to - force the X server to store the logs somewhere else, perhaps - a per-user directory. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209232228.g8NMSoYm053838>