svn commit: r193371 - head/sys/security/mac_biba

Robert Watson rwatson at
Wed Jun 3 08:49:45 UTC 2009

Author: rwatson
Date: Wed Jun  3 08:49:44 2009
New Revision: 193371

  By default, label all network interfaces as biba/equal on attach.  This
  makes it easier for first-time users to configure and work with biba as
  remote acess is still allowed.  Effectively, this means that, by default,
  only local security properties, not distributed ones, are enforced.
  Obtained from:	TrustedBSD Project


Modified: head/sys/security/mac_biba/mac_biba.c
--- head/sys/security/mac_biba/mac_biba.c	Wed Jun  3 08:21:11 2009	(r193370)
+++ head/sys/security/mac_biba/mac_biba.c	Wed Jun  3 08:49:44 2009	(r193371)
@@ -125,7 +125,7 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO,
     0, "Label pty devices as biba/equal on create");
 TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal);
-static int	interfaces_equal;
+static int	interfaces_equal = 1;
 SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW,
     &interfaces_equal, 0, "Label network interfaces as biba/equal on create");
 TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);

More information about the svn-src-all mailing list