PERFORCE change 15886 for review
Robert Watson
rwatson at freebsd.org
Tue Aug 13 01:05:47 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15886
Change 15886 by rwatson at rwatson_tislabs on 2002/08/12 18:05:04
Change the default behavior when revoking a mapping from "fail
not-stop" to "fail-stop". This is the expected behavior for
most policies for consistency with other platforms -- we may want
to investigate whether we can find a way to allow policies to
express a preference on downgrade behavior.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#236 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#236 (text+ko) ====
@@ -161,7 +161,7 @@
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list