cvs commit: src/sys/security/mac_biba mac_biba.c

From: Christian S.J. Peron <csjp_at_FreeBSD.org>
Date: Sat, 31 Dec 2005 05:06:59 +0000 (UTC)
csjp        2005-12-31 05:06:59 UTC

  FreeBSD src repository

  Modified files:
    sys/security/mac_biba mac_biba.c 
  Log:
  Introduce a new sysctl variable:
  
  security.mac.biba.interfaces_equal
  
  If non-zero, all network interfaces be created with the label:
  
  biba/equal(equal-equal)
  
  This is useful where programs which initialize network interfaces
  do not have any labeling support. This includes dhclient and ppp. A
  long term solution is to add labeling support into dhclient(8)
  and ppp(8), and remove this variable.
  
  It should be noted that this behavior is different then setting the:
  
  security.mac.biba.trust_all_interfaces
  
  sysctl variable, as this will create interfaces with a biba/high label.
  Lower integrity processes are not able to write to the interface in this
  event. The security.mac.biba.interfaces_equal will override
  trust_all_interfaces.
  
  The security.mac.biba.interfaces_equal variable will be set to zero
  or disabled by default.
  
  MFC after:      2 weeks
  
  Revision  Changes    Path
  1.91      +6 -1      src/sys/security/mac_biba/mac_biba.c
Received on Sat Dec 31 2005 - 05:07:04 UTC