PERFORCE change 20065 for review
Robert Watson
rwatson at freebsd.org
Thu Oct 24 19:18:49 GMT 2002
An interesting question will be whether our process-based labels provide
close enough behavior to traditional LOMAC "process group" behavior for
pipeline downgrades.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
On Thu, 24 Oct 2002, Brian Feldman wrote:
> http://perforce.freebsd.org/chv.cgi?CH=20065
>
> Change 20065 by green at green_laptop_2 on 2002/10/24 12:00:22
>
> Revocation being enabled is pretty important to LOMAC operation,
> so enable it here by default. Still leave the policy itself
> disabled.
>
> Affected files ...
>
> .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#17 edit
>
> Differences ...
>
> ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#17 (text+ko) ====
>
> @@ -118,7 +118,7 @@
> &ptys_equal, 0, "Label pty devices as lomac/equal on create");
> TUNABLE_INT("security.mac.lomac.ptys_equal", &ptys_equal);
>
> -static int revocation_enabled = 0;
> +static int revocation_enabled = 1;
> SYSCTL_INT(_security_mac_lomac, OID_AUTO, revocation_enabled, CTLFLAG_RW,
> &revocation_enabled, 0, "Revoke access to objects on relabel");
> TUNABLE_INT("security.mac.lomac.revocation_enabled", &revocation_enabled);
>
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list