how to deny reading of several sysctls (for a set of uids, f.e.)

Andrey V. Elsukov bu7cher at
Fri Jan 26 07:16:44 UTC 2007

Andrew N. Below wrote:
> I also thought about passing control variable from libc
> to kernel, but it seems to be bad idea.
> Any other ways?

As an idea - maybe you can implement this feature as MAC module?
Looks for a mac_check_system_sysctl function.

WBR, Andrey V. Elsukov

More information about the freebsd-hackers mailing list