Hey,
I use Mandatory Access Control (BSD extended) and I want to block all folders to view by users. But filesys in ugidfw can do that only with mounted points.
Example:
Do you see differences betwen /usr/jails/Oksymoron/etc made by me and /usr/jails/Oksymoron/ that the system did? That's why I'm asking, is there any way to create or mount a partition under jail and impose permissions with ugidfw? Another question: does MAC have the possibility to impose permissions directly on directories?
P.S I don't use ZFS.
I use Mandatory Access Control (BSD extended) and I want to block all folders to view by users. But filesys in ugidfw can do that only with mounted points.
Example:
Code:
root@ks3360102:~ # ugidfw add subject gid users object gid wheel filesys /usr/jails/Oksymoron/etc type d mode x
6 subject gid users object gid wheel filesys /usr/jails/Oksymoron type d mode x
root@ks3360102:~ #Do you see differences betwen /usr/jails/Oksymoron/etc made by me and /usr/jails/Oksymoron/ that the system did? That's why I'm asking, is there any way to create or mount a partition under jail and impose permissions with ugidfw? Another question: does MAC have the possibility to impose permissions directly on directories?
P.S I don't use ZFS.