# mac_partition TrustedBSD FreeBSD 10 - ZFS, UFS



## bryn1u (Feb 5, 2014)

Hey,

I want to use mac_partition to hide processes, but was wondering: does it work on ZFS and in a jail? Or UFS and in a jail? I read a few documents, the man page, and buggy's list, but didn't find much.

Second question.
I don't know how it exactly/really works. Does someone use it and could share his skills?

Thanks,
Michał


----------



## SirDice (Feb 5, 2014)

bryn1u said:

> I want to use mac_partition to hide processes, but was wondering: does it work on ZFS and in a jail? Or UFS and in a jail? I read a few documents, the man page, and buggy's list, but didn't find much.


What processes are you trying to hide? There are the sysctl(8) security.bsd.see_other_uids and security.bsd.see_other_gids which may prove to be simpler to implement. Mandatory Access Control is a bit of a beast and quite complex.


----------



## bryn1u (Feb 5, 2014)

For example:



> We set the partition of the process to match the partition of the user, and then the user was allowed to see the process. Once we turned mac_seeotheruids back on, the ability to see the process was removed. Mac_seeotheruids takes priority over mac_partition, but still has ability to add to the security when used in conjunction. Also, keep in mind, that partition "0" will always take priority over the partition labels. Anyone of the wheel group will still be able to see the processes of the other users regardless of the partition a process is set to.
> 
> How will we use these two together, in an actual business situation, is quite simple. If you are allowing primary groups to see other processes, you can set users from the same primary group to different partitions.
> 
> ...



But from what I see, it's not working well in a jail :(


----------
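The interaction described in the quoted passage above, as an added example that is not part of the thread and not FreeBSD code: a simplified Python model of how mac_partition and mac_seeotheruids combine when one process asks to see another. The `Cred` fields, function names and sample users are hypothetical; uid 0 stands in for the kernel's privilege check, and the `specificgid` knobs and jails are not modelled.

```python
# Simplified model (assumption, not kernel code) of process visibility
# under mac_partition plus mac_seeotheruids.
from dataclasses import dataclass


@dataclass(frozen=True)
class Cred:
    uid: int            # real uid
    gid: int            # real primary gid
    partition: int = 0  # mac_partition label; 0 means "no partition set"


def partition_allows(subject, target):
    """mac_partition: an unlabelled (0) subject sees everything; a labelled
    subject only sees targets carrying the same partition label."""
    return subject.partition == 0 or subject.partition == target.partition


def seeotheruids_allows(subject, target, enabled=True,
                        primarygroup_enabled=False, suser_privileged=True):
    """mac_seeotheruids, parameterised like its security.mac.seeotheruids.*
    sysctls (enabled, primarygroup_enabled, suser_privileged)."""
    if not enabled:
        return True
    if primarygroup_enabled and subject.gid == target.gid:
        return True
    if subject.uid == target.uid:
        return True
    return suser_privileged and subject.uid == 0


def can_see(subject, target, **seeotheruids_knobs):
    """The MAC framework denies the request if any loaded policy denies it."""
    return (partition_allows(subject, target)
            and seeotheruids_allows(subject, target, **seeotheruids_knobs))


# Constructed sample users: three share a primary group, one is unlabelled.
alice = Cred(uid=1001, gid=100, partition=1)
bob = Cred(uid=1002, gid=100, partition=1)
carol = Cred(uid=1003, gid=100, partition=2)
admin = Cred(uid=1004, gid=0, partition=0)

if __name__ == "__main__":
    for knobs in ({"enabled": False}, {"enabled": True},
                  {"enabled": True, "primarygroup_enabled": True}):
        print(knobs, "alice->bob:", can_see(alice, bob, **knobs),
              "alice->carol:", can_see(alice, carol, **knobs))
```
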

