home.social

#mac_do — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #mac_do, aggregated by home.social.

  1. I’ve been replacing sudo/doas on most of my FreeBSD boxes with something much smaller: mdo(1) + mac_do(4) from base.

    No port. No sudoers parser. No setuid helper. Just a kernel MAC policy, a sysctl rule, and an explicit “SSH is the gate” security model.

    Wrote up the full walkthrough for FreeBSD 15, including rule syntax, examples, caveats, and my surrounding hardening sysctls:

    blog.hofstede.it/mdo-on-freebs

    #FreeBSD #runbsd #mdo #mac_do #sysadmin #security