Heads up on recent MAC tree changes
Robert Watson
rwatson at FreeBSD.org
Sat Feb 2 15:26:15 GMT 2002
I integrated the MAC development tree from the main-line FreeBSD
5.0-CURRENT tree yesterday, and finished the updates this morning. At
about the same time, Brian also began to bring in the MAC enforcement
changes to move VFS enforcement out of individual filesystems and into the
cross-filesystem VFS code (largely in src/sys/kern). Therefore if you
update your system to recent MAC code, you should be aware of the
following changes:
(1) All kern.security.mac.* sysctl's and tunables have moved to
security.mac.*. This parallels a similar move in the main tree for
security settings. sysctl.conf and loader.conf must be updated.
(2) VFS enforcement now occurs on all filesystems, not just ones that have
been specifically modified. This means, for example, that enforcement
now occurs on NFS-mounted filesystems. On the other hand, we haven't
universally introduced the new enforcements, so some previously
enforced operations are currently not enforced.
So when updating over the next week, some caution should be used.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org NAI Labs, Safeport Network Services
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list