PERFORCE change 23337 for review
Brian Feldman
green at freebsd.org
Tue Jan 7 13:28:25 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=23337
Change 23337 by green at green_laptop_2 on 2003/01/07 05:28:08
Add a tunable (os-dependent, that is) to avc/avc.c which allows
you to enable enforcement mode from the boot loader.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#13 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#13 (text+ko) ====
@@ -235,6 +235,11 @@
if (!avc_audit_buffer)
panic("AVC: unable to allocate audit buffer\n");
mtx_init(&avc_lock, "SEBSD AVC", NULL, MTX_DEF);
+ /* The fetch may or may not occur; if not, it doesn't change int *. */
+ avc_debug_always_allow = !avc_debug_always_allow;
+ TUNABLE_INT_FETCH("security.mac.sebsd.enforcing",
+ &avc_debug_always_allow);
+ avc_debug_always_allow = !avc_debug_always_allow;
}
/*
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list