PERFORCE change 17736 for review
Robert Watson
rwatson at freebsd.org
Thu Sep 19 22:27:35 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17736
Change 17736 by rwatson at rwatson_tislabs on 2002/09/19 15:27:08
Add enforcement tunables for enforce_vm, enforce_pipe.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#273 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#273 (text+ko) ====
@@ -125,6 +125,7 @@
static int mac_enforce_pipe = 1;
SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW,
&mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations");
+TUNABLE_INT("security.mac.enforce_pipe", &mac_enforce_pipe);
static int mac_enforce_process = 1;
SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW,
@@ -139,6 +140,7 @@
static int mac_enforce_vm = 1;
SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
&mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
+TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm);
static int mac_label_size = sizeof(struct oldmac);
SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD,
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list