PERFORCE change 17739 for review
Robert Watson
rwatson at freebsd.org
Fri Sep 20 00:47:25 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17739
Change 17739 by rwatson at rwatson_tislabs on 2002/09/19 17:46:42
Temporarily disable VM enforcement and mmap revocation due to a
bug in the MLS code somewhere. We'll turn this on again later
when we've had a chance to track it down.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#274 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#274 (text+ko) ====
@@ -137,7 +137,7 @@
&mac_enforce_socket, 0, "Enforce MAC policy on socket operations");
TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket);
-static int mac_enforce_vm = 1;
+static int mac_enforce_vm = 0;
SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
&mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm);
@@ -159,7 +159,7 @@
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation = 1;
+static int mac_mmap_revocation = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW,
&mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
"relabel");
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list