how to deny reading of several sysctls (for a set of uids, f.e.)

Andrey V. Elsukov bu7cher at yandex.ru
Fri Jan 26 07:16:44 UTC 2007


Andrew N. Below wrote:
> I also thought about passing control variable from libc
> to kernel, but it seems to be bad idea.
> 
> Any other ways?

As an idea - maybe you can implement this feature as MAC module?
Looks for a mac_check_system_sysctl function.

-- 
WBR, Andrey V. Elsukov



More information about the freebsd-hackers mailing list