PERFORCE change 20064 for review
Brian Feldman
green at freebsd.org
Thu Oct 24 18:42:51 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20064
Change 20064 by green at green_laptop_2 on 2002/10/24 11:42:34
Change default MAC VM permissions to:
security.mac.enforce_vm: 1
security.mac.mmap_revocation: 0
security.mac.mmap_revocation_via_cow: 1
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#327 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#327 (text+ko) ====
@@ -142,7 +142,7 @@
&mac_enforce_sysctl, 0, "Enforce MAC policy on sysctl operations");
TUNABLE_INT("security.mac.enforce_sysctl", &mac_enforce_sysctl);
-static int mac_enforce_vm = 0;
+static int mac_enforce_vm = 1;
SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
&mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm);
@@ -157,7 +157,7 @@
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW,
&mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
"relabel");
-static int mac_mmap_revocation_via_cow = 0;
+static int mac_mmap_revocation_via_cow = 1;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list