Bug 148984

Summary: [handbook] Mistake in section 16.15.4 of the handbook
Product: Documentation
Reporter: Thomas BRETHOME <thomas.brethome>
Component: Books & Articles
Assignee: Dru Lavigne <dru>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Thomas BRETHOME 2010-07-27 08:20:01 UTC
The example file /etc/policy.contexts (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-implementing.html) appears to be bad or outdated; the policy isn't applied correctly by setfsmac.

Fix: 

The example file should be replaced by something like :

---
# This is the default BIBA policy for this system.

# System:
/var/run                         biba/equal
/var/run/.*                      biba/equal

/dev                             biba/equal
/dev/.*                          biba/equal

/var                             biba/equal
/var/spool                       biba/equal
/var/spool/.*                    biba/equal

/var/log                         biba/equal
/var/log/.*                      biba/equal

/tmp                             biba/equal
/tmp/.*                          biba/equal
/var/tmp                         biba/equal
/var/tmp/.*                      biba/equal

/var/spool/mqueue                biba/equal
/var/spool/clientmqueue          biba/equal

# For Nagios:
/usr/local/etc/nagios            biba/10
/usr/local/etc/nagios/.*         biba/10

/var/spool/nagios                biba/10
/var/spool/nagios/.*             biba/10

# For apache
/usr/local/etc/apache            biba/10
/usr/local/etc/apache/.*         biba/10

---

Or (less verbose) :
---

# This is the default BIBA policy for this system.

# System:
/var/run(/.*)?                      biba/equal

/dev(/.*)?                          biba/equal

/var                                biba/equal
/var/spool(/.*)?                    biba/equal

/var/log(/.*)?                      biba/equal

/tmp(/.*)?                          biba/equal
/var/tmp(/.*)?                      biba/equal

/var/spool/mqueue                   biba/equal
/var/spool/clientmqueue             biba/equal

# For Nagios:
/usr/local/etc/nagios(/.*)?         biba/10

/var/spool/nagios(/.*)?             biba/10

# For apache
/usr/local/etc/apache(/.*)?         biba/10
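
An added check, not part of the original report and not setfsmac's own code: it parses excerpts of the two proposed spec files and compares the labels they give to a set of constructed sample paths. Whole-path regex matching and the rule for which overlapping entry wins are assumptions, so precedence is a parameter.

```python
import re

# Excerpts of the two spec files proposed in the report (/var and Nagios spool entries).
VERBOSE = """
/var                             biba/equal
/var/spool                       biba/equal
/var/spool/.*                    biba/equal
/var/spool/mqueue                biba/equal
/var/spool/nagios                biba/10
/var/spool/nagios/.*             biba/10
"""
COMPACT = """
/var                                biba/equal
/var/spool(/.*)?                    biba/equal
/var/spool/mqueue                   biba/equal
/var/spool/nagios(/.*)?             biba/10
"""
# Constructed sample paths, not taken from the report.
PATHS = ["/var", "/var/db", "/var/spool", "/var/spoolx", "/var/spool/mqueue",
         "/var/spool/mqueue/qf1", "/var/spool/nagios", "/var/spool/nagios/rw/nagios.cmd"]

def parse_spec(text):
    """Return [(compiled regex, label)], skipping blank lines and # comments."""
    rows = (l.split() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return [(re.compile(pattern), label) for pattern, label in rows]

def labels_for(entries, path):
    """Labels of every entry whose regex matches the whole path (assumed anchoring)."""
    return [label for rx, label in entries if rx.fullmatch(path)]

def pick(entries, path, last_wins):
    """Effective label under the assumed precedence rule, or None if nothing matches."""
    hits = labels_for(entries, path)
    return (hits[-1] if last_wins else hits[0]) if hits else None

def differences(spec_a, spec_b, paths, last_wins):
    """Paths that the two spec files would label differently."""
    a, b = parse_spec(spec_a), parse_spec(spec_b)
    return [p for p in paths if pick(a, p, last_wins) != pick(b, p, last_wins)]

def order_sensitive(spec, paths):
    """Paths matched by entries with different labels, so entry order decides the result."""
    entries = parse_spec(spec)
    return [p for p in paths if len(set(labels_for(entries, p))) > 1]

if __name__ == "__main__":
    print({rule: differences(VERBOSE, COMPACT, PATHS, rule) for rule in (True, False)})
    print(order_sensitive(COMPACT, PATHS))
```

Under both precedence rules the two excerpts agree on every sample path. The Nagios spool paths are the order-sensitive ones, because the `/var/spool` patterns match them as well.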
Comment 1 Benedict Reuschling freebsd_committer freebsd_triage 2010-10-05 14:22:08 UTC
Responsible Changed
From-To: freebsd-doc->bcr

I'll work on it.
Comment 2 Benedict Reuschling freebsd_committer freebsd_triage 2011-02-13 12:39:34 UTC
Responsible Changed
From-To: bcr->freebsd-doc

Throw this one back into the pool. I don't have enough time right now
to set up a proper environment to test the proposed change.
Comment 3 Dru Lavigne freebsd_committer freebsd_triage 2014-03-31 16:04:22 UTC
Responsible Changed
From-To: freebsd-doc->dri

I'll take this one.
Comment 4 Dru Lavigne freebsd_committer freebsd_triage 2014-03-31 16:04:49 UTC
Responsible Changed
From-To: dri->dru

Spell name correctly :-)
Comment 5 Dru Lavigne freebsd_committer freebsd_triage 2014-03-31 16:05:31 UTC
State Changed
From-To: open->closed

Fixed in r44397.