Date:      Sat, 26 Oct 2013 11:56:04 +0200
From:      ASV <asv@inhio.eu>
To:        David.I.Noel@gmail.com
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: MAC issue on FBSD 9.1-RELEASE
Message-ID:  <1382781365.92947.21.camel@mailsb>
In-Reply-To: <CAHAXwYANBc16aO1-aAiQFHpMYJuZUeK=Q6R18-WpwmX4AZ6oEw@mail.gmail.com>
References:  <1382692375.92947.9.camel@mailsb> <CAHAXwYANBc16aO1-aAiQFHpMYJuZUeK=Q6R18-WpwmX4AZ6oEw@mail.gmail.com>

Hi David,

Thanks for the reply.
Unfortunately in the past I've written to trustedbsd-discuss@freebsd.org
and they told me that that's supposed to be just a "playground" and due
to the fact that the trustedbsd framework has been officially ported
into FreeBSD, questions must go to freebsd-questions.

Now, I'm very disappointed because there's no way to get info about MAC.
Not only does almost nobody seem to know anything about how it works,
which leads to the fact that for any issue you're pretty much on your
own, but the main problem here is to know more about the status of the
development.
If I have an issue I cannot figure out if it's caused by my mistake or
it's just a bug. And configurations that worked for a while (like in my
specific case) suddenly cease to work because I've patched the kernel
(and not in a custom way but via freebsd-update)!

My point is: why the heck is this functionality built in if it is abandoned
(is it?)?
If they don't keep maintaining/fixing/improving it and it's also
considered "experimental" according to the man pages, why is it in the main
branch?
Wouldn't it be better to get rid of something which is kind of a
'blackhole' instead of keeping it in such a state just to say that "we
have it"?

I really hope to spark a little discussion about it.
Thanks a lot to whoever would like to reply to me in any way.



On Fri, 2013-10-25 at 10:23 -0500, David Noel wrote:
> > I'm wondering if something has been changed regarding MAC on FreeBSD
> > 9.1-RELEASE. Since I've executed freebsd-update basically updating from
> > the first release to the p7, I can no longer log in with my restricted
> > accounts.
> > I always get:
> >
> >> _secure_path: cannot stat /home/macuser/.login_conf: Permission denied
> >> login: LOGIN macuser REFUSED (HOMEDIR) ON TTY ttyv1
> >
> > and on the login screen (user tty) I get:
> >
> >> login: Could not determine audit condition
> >
> > no matter if the file is there or not, nor which DAC/MAC permissions
> > are there, no matter if I disable the ":requirehome:" and the
> > ":ttys.allow:" directives on login.conf. Not even relabeling the entire
> > FS helped.
> >
> > I've spent several hours now to figure it out but at this point it seems to me
> > that the update screwed everything up somehow.
> > Does anyone have any idea of what's going on? Any input would be REALLY
> > appreciated.
> 
> I've had my fair share of troubles with FreeBSD's MAC and
> unfortunately wound up just disabling it entirely. While I don't have
> a solution to your specific problem I would suggest cc'ing
> trustedbsd-discuss@freebsd.org. You *may* find someone there who could
> help, though the last time I tried to hail anyone on it, it was all but
> dead.




