From nobody@FreeBSD.org  Mon Feb 12 19:52:37 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 81A1616A469
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Feb 2007 19:52:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 7405E13C461
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Feb 2007 19:52:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l1CJqb0E073208
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Feb 2007 19:52:37 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l1CJqb2J073207;
	Mon, 12 Feb 2007 19:52:37 GMT
	(envelope-from nobody)
Message-Id: <200702121952.l1CJqb2J073207@www.freebsd.org>
Date: Mon, 12 Feb 2007 19:52:37 GMT
From: "Dr. Markus Waldeck"<waldeck@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security.mac.bsdextended.firstmatch_enabled is not enabled
X-Send-Pr-Version: www-3.0

>Number:         109105
>Category:       docs
>Synopsis:       security.mac.bsdextended.firstmatch_enabled is not enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    trhodes
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 12 20:00:11 GMT 2007
>Closed-Date:    
>Last-Modified:  Tue Feb 13 16:15:15 GMT 2007
>Originator:     Dr. Markus Waldeck
>Release:        7.0-CURRENT-200702
>Organization:
>Environment:
FreeBSD fb 7.0-CURRENT-200702 FreeBSD 7.0-CURRENT-200702 #1: Sun Feb 11 14:37:59 UTC 2007     
root@fbh:/huge/fbsrc200702/sys/i386/compile/FB070201  i386

>Description:
CUSTOM kernel:
options MAC
kldload mac_bsdextended.ko

% sysctl security.mac.bsdextended.firstmatch_enabled
security.mac.bsdextended.firstmatch_enabled: 0

man mac_bsdextended
security.mac.bsdextended.firstmatch_enabled
        Toggle between the old all rules match functionality and the new
        first rule matches functionality.  This is enabled by default.

The value 0 means disabled not enabled!
>How-To-Repeat:
% sysctl security.mac.bsdextended.firstmatch_enabled

% man mac_bsdextended

>Fix:

>Release-Note:
>Audit-Trail:

From: Remko Lodder <remko@FreeBSD.org>
To: "Dr. Markus Waldeck" <waldeck@gmx.de>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: docs/109105: security.mac.bsdextended.firstmatch_enabled is not
 enabled
Date: Mon, 12 Feb 2007 22:03:01 +0100

 Dr. Markus Waldeck wrote:
 > 
 >> Description:
 > CUSTOM kernel:
 > options MAC
 > kldload mac_bsdextended.ko
 > 
 > % sysctl security.mac.bsdextended.firstmatch_enabled
 > security.mac.bsdextended.firstmatch_enabled: 0
 > 
 > man mac_bsdextended
 > security.mac.bsdextended.firstmatch_enabled
 >         Toggle between the old all rules match functionality and the new
 >         first rule matches functionality.  This is enabled by default.
 > 
 > The value 0 means disabled not enabled!
 >> How-To-Repeat:
 > % sysctl security.mac.bsdextended.firstmatch_enabled
 > 
 > % man mac_bsdextended
 > 
 
 Hello (again),
 
 When are you going to read my emails about asking
 you over and over again, to give these things a bit
 of discussion before you are submitting PR's? A
 little discussion with the developers of the MAC
 framework could give the proper idea about what is
 going on. Perhaps the documentation is OK and the
 code is wrong, or the other way around.
 
 You might think that I am a bit grumpy, and yes I am.
 
 The PR tickets are not for Support questions (Which
 this initially is) but for confirmed problems which
 should be resolved. We cannot resolve this prior to
 have some investigation going on.
 
 So AGAIN: Please ask / discuss these things on the various
 mailinglists before submitting a ticket to make things more
 concrete, this will help FreeBSD, you and others!
 
 Thanks for your understanding and coorporation.
 
 
 
 -- 
 Kind regards,
 
       Remko Lodder               ** remko@elvandar.org
       FreeBSD                    ** remko@FreeBSD.org
 
       /* Quis custodiet ipsos custodes */
Responsible-Changed-From-To: freebsd-doc->trhodes 
Responsible-Changed-By: remko 
Responsible-Changed-When: Tue Feb 13 16:15:11 UTC 2007 
Responsible-Changed-Why:  
Tom wanted to have a look at this (Thanks Tom) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=109105 
>Unformatted:
