PERFORCE change 17578 for review
Robert Watson
rwatson at freebsd.org
Mon Sep 16 17:02:08 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17578
Change 17578 by rwatson at rwatson_tislabs on 2002/09/16 10:02:02
Add an 'enforce_vm' flag that disables mmap protection stuff. Enabled
by default (same as existing code).
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#262 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#262 (text+ko) ====
@@ -146,6 +146,10 @@
SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW,
&mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations");
+static int mac_enforce_vm = 1;
+SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
+ &mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
+
static int mac_label_size = sizeof(struct mac);
SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD,
&mac_label_size, 0, "Pre-compiled MAC label size");
@@ -1825,6 +1829,9 @@
{
vm_prot_t result = VM_PROT_ALL;
+ if (!mac_enforce_vm)
+ return (result);
+
/*
* This should be some sort of MAC_BITWISE, maybe :)
*/
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list