From nobody@FreeBSD.org  Tue Jul 27 07:11:23 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E2BC21065673
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 27 Jul 2010 07:11:22 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id B8B748FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 27 Jul 2010 07:11:22 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o6R7BMXU000586
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 27 Jul 2010 07:11:22 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o6R7BLSe000585;
	Tue, 27 Jul 2010 07:11:21 GMT
	(envelope-from nobody)
Message-Id: <201007270711.o6R7BLSe000585@www.freebsd.org>
Date: Tue, 27 Jul 2010 07:11:21 GMT
From: Thomas BRETHOME <thomas.brethome@c-s.fr>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Mistake in section 16.15.4 of the handbook
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         148984
>Category:       docs
>Synopsis:       [handbook] Mistake in section 16.15.4 of the handbook
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dru
>State:          closed
>Quarter:        
>Keywords:       handbook
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 27 07:20:01 UTC 2010
>Closed-Date:    Mon Mar 31 15:06:00 UTC 2014
>Last-Modified:  Mon Mar 31 15:06:00 UTC 2014
>Originator:     Thomas BRETHOME
>Release:        8.1
>Organization:
CS
>Environment:
>Description:
The example file /etc/policy.contexts (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-implementing.html) appears to be bad or outdated, the policy is'nt applied correctly by setfsmac. 
>How-To-Repeat:

>Fix:
The example file should be replaced by something like :

---
# This is the default BIBA policy for this system.

# System:
/var/run                         biba/equal
/var/run/.*                      biba/equal

/dev                             biba/equal
/dev/.*                          biba/equal

/var                             biba/equal
/var/spool                       biba/equal
/var/spool/.*                    biba/equal

/var/log                         biba/equal
/var/log/.*                      biba/equal

/tmp                             biba/equal
/tmp/.*                          biba/equal
/var/tmp                         biba/equal
/var/tmp/.*                      biba/equal

/var/spool/mqueue                biba/equal
/var/spool/clientmqueue          biba/equal

# For Nagios:
/usr/local/etc/nagios            biba/10
/usr/local/etc/nagios/.*         biba/10

/var/spool/nagios                biba/10
/var/spool/nagios/.*             biba/10

# For apache
/usr/local/etc/apache            biba/10
/usr/local/etc/apache/.*         biba/10

---

Or (less verbose) :
---

# This is the default BIBA policy for this system.

# System:
/var/run(/.*)?                      biba/equal

/dev(/.*)?                          biba/equal

/var                                biba/equal
/var/spool(/.*)?                    biba/equal

/var/log(/.*)?                      biba/equal

/tmp(/.*)?                          biba/equal
/var/tmp(/.*)?                      biba/equal

/var/spool/mqueue                   biba/equal
/var/spool/clientmqueue             biba/equal

# For Nagios:
/usr/local/etc/nagios(/.*)?         biba/10

/var/spool/nagios(/.*)?             biba/10

# For apache
/usr/local/etc/apache(/.*)?         biba/10

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->bcr 
Responsible-Changed-By: bcr 
Responsible-Changed-When: Tue Oct 5 13:22:08 UTC 2010 
Responsible-Changed-Why:  
I'll work on it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148984 
Responsible-Changed-From-To: bcr->freebsd-doc 
Responsible-Changed-By: bcr 
Responsible-Changed-When: Sun Feb 13 12:39:34 UTC 2011 
Responsible-Changed-Why:  
Throw this one back into the pool. I don't have enough time right now 
to setup a proper environment to test the proposed change. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148984 
Responsible-Changed-From-To: freebsd-doc->dri 
Responsible-Changed-By: dru 
Responsible-Changed-When: Mon Mar 31 15:04:22 UTC 2014 
Responsible-Changed-Why:  
I'll take this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148984 
Responsible-Changed-From-To: dri->dru 
Responsible-Changed-By: dru 
Responsible-Changed-When: Mon Mar 31 15:04:49 UTC 2014 
Responsible-Changed-Why:  
Spell name correctly :-) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148984 
State-Changed-From-To: open->closed 
State-Changed-By: dru 
State-Changed-When: Mon Mar 31 15:05:31 UTC 2014 
State-Changed-Why:  
Fixed in r44397. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=148984 
>Unformatted:
