tech-kern archive


Re: Playing with secmodel



Elad Efrat wrote:
Emmanuel Vadot wrote:

I've edited /usr/src/sys/conf/std
Here is the diff:

knuckles# diff /usr/src/sys/conf/std /usr/src/sys/conf/std.orig
20,22c20
< #options secmodel_bsd44       # Traditional 4.4BSD security model
< options secmodel_overlay
<
---
 > options secmodel_bsd44        # Traditional 4.4BSD security model
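Review bot: the diff command is run with the edited file first and std.orig second, so the `<` lines are the new content and the `>` line is the original. Swapping the arguments (std.orig first, then std), ideally with -u, gives output in the usual old-to-new direction. The added `options secmodel_overlay` line also has no trailing comment, unlike the `secmodel_bsd44` line next to it, so a short description of the model would keep the file consistent.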
knuckles#

Well, I did the same -- I'm actually playing with the secmodel code
heavily -- and it's working okay:

phyre:elad {1} sysctl security.models
security.models.overlay.name = Overlay (on-top of bsd44)
security.models.overlay.securelevel = -1
security.models.overlay.curtain = 0
phyre:elad {2} test/rawsock
open raw socket: failed.
phyre:elad {3} su
Password:
You have mail.
phyre:elad {1} test/rawsock
open raw socket: success.
phyre:elad {2} exit
exit
phyre:elad {4}

Can you try a clean build with just the secmodel_overlay change (nothing
else) and see if it still doesn't work?

The fact nothing is printed except for kernel messages sounds very
weird; maybe you can break into ddb and see what's running?

-e.

I've found what the problem is.
The callback for device isn't defined in the file in syssrc.tgz. The file version is 1.3.
Syncing with the last version works as expected.

--
Manu



