mdo Setup Steps on FreeBSD

1. Load the Kernel Module

kldload mac_do

Verify it loaded:

kldstat | grep mac_do

2. Enable and Configure via sysctl

sysctl security.mac.do.enabled=1
sysctl security.mac.do.rules='gid=0>uid=0,gid=*,+gid=*'

This rule grants any member of the wheel group (GID 0) the ability to become root with full group inheritance.

3. Make It Persistent

Add to /etc/rc.conf to load the module at boot:

sysrc kld_list+=mac_do

Add to /etc/sysctl.conf to apply rules after the module loads:

security.mac.do.enabled=1
security.mac.do.rules=gid=0>uid=0,gid=*,+gid=*