svn commit: r193371 - head/sys/security/mac_biba
Robert Watson
rwatson at FreeBSD.org
Wed Jun 3 08:49:45 UTC 2009
Author: rwatson
Date: Wed Jun 3 08:49:44 2009
New Revision: 193371
URL: http://svn.freebsd.org/changeset/base/193371
Log:
By default, label all network interfaces as biba/equal on attach. This
makes it easier for first-time users to configure and work with biba as
remote acess is still allowed. Effectively, this means that, by default,
only local security properties, not distributed ones, are enforced.
Obtained from: TrustedBSD Project
Modified:
head/sys/security/mac_biba/mac_biba.c
Modified: head/sys/security/mac_biba/mac_biba.c
==============================================================================
--- head/sys/security/mac_biba/mac_biba.c Wed Jun 3 08:21:11 2009 (r193370)
+++ head/sys/security/mac_biba/mac_biba.c Wed Jun 3 08:49:44 2009 (r193371)
@@ -125,7 +125,7 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO,
0, "Label pty devices as biba/equal on create");
TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal);
-static int interfaces_equal;
+static int interfaces_equal = 1;
SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW,
&interfaces_equal, 0, "Label network interfaces as biba/equal on create");
TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);
More information about the svn-src-head
mailing list