Re: The mystery of mac_vnode_check_getattrlist()
Re: The mystery of mac_vnode_check_getattrlist()
- Subject: Re: The mystery of mac_vnode_check_getattrlist()
- From: Kevin Elliott <email@hidden>
- Date: Wed, 14 Dec 2016 19:50:37 -0800
This may be a silly question, but have you tried disabling SIP (assuming you were able to get this far with it enable)? The sandbox kext and the mac functions are heavily involved in sip, and disabling it may let you bypass this issue entirely.
Sent from my iPhone
> On Dec 14, 2016, at 7:40 PM, Wim Lewis <email@hidden> wrote:
>
>
>> On Dec 14, 2016, at 6:49 PM, Jorgen Lundman <email@hidden> wrote:
>> At the moment it is a vast problem due to the unknown nature. I'm not
>> entirely sure what vnode "labels" are for, or is it something wrong in the
>> context struct (opaque to us) or the vnode names we set? Or a hundred other
>> things...
>
> In this case, I assume, MAC_ stands for "mandatory access control", which is an old security nomenclature where permissions are represented by "security labels" on every file, task, etc.. The TrustedBSD project, from which Darwin got its MAC framework, might have some documentation on what's going on with vnode security labels here.
>
> Why OSX would behave differently when booting from ZFS instead of HFS, though, I have no idea.
>
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Filesystem-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Filesystem-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden