During the development stage, a few users reported problems with normal configuration. Some of these problems are listed below:
The multilabel flag does not stay enabled on my root (/) partition!
It seems that one out of every fifty users has this problem, indeed, we had this problem during our initial configuration. Further observation of this so called ``bug'' has lead me to believe that it is a result of either incorrect documentation or misinterpretation of the documentation. Regardless of why it happened, the following steps may be taken to resolve it:
Edit /etc/fstab and set the root partition at ro for read-only.
Reboot into single user mode.
Run tunefs -l enable on /.
Reboot the system into normal mode.
Run mount -urw / and change the ro back to rw in /etc/fstab and reboot the system again.
Double-check the output from the mount to ensure that multilabel has been properly set on the root file system.
After establishing a secure environment with MAC, I am no longer able to start XFree86™!
This could be caused by the MAC partition policy or by a mislabeling in one of the MAC labeling policies. To debug, try the following:
Check the error message; if the user is in the insecure class, the partition policy may be the culprit. Try setting the user's class back to the default class and rebuild the database with the cap_mkdb command. If this does not alleviate the problem, go to step two.
Double-check the label policies. Ensure that the policies are set correctly for the user in question, the XFree86 application, and the /dev entries.
If neither of these resolve the problem, send the error message and a description of your environment to the TrustedBSD discussion lists located at the TrustedBSD website or to the FreeBSD general questions 邮件列表 mailing list.