I think you'll need to allow stat permission too - say rxs not
just rx.
You may also want to think about what this rule does to /tmp.
David.
Works fine in this way, thanks.
Cheers,
Gábor Kövesdán
___
freebsd-stable@freebsd.org mailing
Hello,
I try to make a bsdextended mac policy and when I add the following
rule, I can't login with a simple user:
ugidfw add subject not uid root object uid root mode rx
This rule is for protecting root's files from others in any case.
And I've got the following message:
On Mon, Jun 27, 2005 at 10:45:35AM +0200, K?vesd?n G?bor wrote:
Hello,
I try to make a bsdextended mac policy and when I add the following
rule, I can't login with a simple user:
ugidfw add subject not uid root object uid root mode rx
I think you'll need to allow stat permission too -