PERFORCE change 16510 for review
Robert Watson
rwatson at freebsd.org
Sat Aug 24 17:10:54 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16510
Change 16510 by rwatson at rwatson_paprika on 2002/08/24 10:10:37
Add 'security.mac.mmap_revocation' to enable/disable
revocation of mmaps on subject relabel. Default to enable
(current behavior).
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#259 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#259 (text+ko) ====
@@ -164,6 +164,10 @@
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
+static int mac_mmap_revocation = 1;
+SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW,
+ &mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
+ "relabel");
static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
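Review bot: The new `mmap_revocation` knob is declared with plain `CTLFLAG_RW`, so a sufficiently privileged process can switch off this MAC enforcement step at runtime with no further restriction. Consider limiting writes to a low securelevel, e.g. `CTLFLAG_RW | CTLFLAG_SECURE`, if that flag is available in this tree. The description string should also say what 0 means for an administrator, for example `"Revoke mmap access to files on subject relabel (0 leaves existing mappings in place)"`. The `mmap_revocation_via_cow` knob that follows presumably has no effect once this one is 0, which would be worth stating in its description as well.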
@@ -2209,6 +2213,9 @@
vm_ooffset_t offset;
struct vnode *vp;
+ if (!mac_mmap_revocation)
+ return;
+
vm_map_lock_read(map);
for (vme = map->header.next; vme != &map->header; vme = vme->next) {
if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) {
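Review bot: The early return added at the top of this function has no comment, although it is the point where a relabeled subject keeps mappings that its new label might no longer permit. I would add something like `/* Revocation disabled by sysctl: existing mappings keep their pre-relabel protections. */` above the `if`. The check sits before `vm_map_lock_read(map)`, so no lock is left held on that path. The function starts and ends outside the hunk, so whether any caller relies on revocation having taken place cannot be confirmed from here.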