Default policies to on: if you load them or compile them into your

kernel, you should expect them to do something, so now they do.  This
doesn't affect users who don't load or explicitly compile in the
policies.

Approved by:	re (jhb)
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

sys/security/mac_biba/mac_biba.c

@@ -85,7 +85,7 @@ static int	mac_biba_label_size = sizeof(struct mac_biba);
 SYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD,
     &mac_biba_label_size, 0, "Size of struct mac_biba");
 
-static int	mac_biba_enabled = 0;
+static int	mac_biba_enabled = 1;
 SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_biba_enabled, 0, "Enforce MAC/Biba policy");
 TUNABLE_INT("security.mac.biba.enabled", &mac_biba_enabled);

sys/security/mac_lomac/mac_lomac.c

@@ -91,7 +91,7 @@ static int	mac_lomac_label_size = sizeof(struct mac_lomac);
 SYSCTL_INT(_security_mac_lomac, OID_AUTO, label_size, CTLFLAG_RD,
     &mac_lomac_label_size, 0, "Size of struct mac_lomac");
 
-static int	mac_lomac_enabled = 0;
+static int	mac_lomac_enabled = 1;
 SYSCTL_INT(_security_mac_lomac, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_lomac_enabled, 0, "Enforce MAC/LOMAC policy");
 TUNABLE_INT("security.mac.lomac.enabled", &mac_lomac_enabled);

sys/security/mac_mls/mac_mls.c

@@ -85,7 +85,7 @@ static int	mac_mls_label_size = sizeof(struct mac_mls);
 SYSCTL_INT(_security_mac_mls, OID_AUTO, label_size, CTLFLAG_RD,
     &mac_mls_label_size, 0, "Size of struct mac_mls");
 
-static int	mac_mls_enabled = 0;
+static int	mac_mls_enabled = 1;
 SYSCTL_INT(_security_mac_mls, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_mls_enabled, 0, "Enforce MAC/MLS policy");
 TUNABLE_INT("security.mac.mls.enabled", &mac_mls_enabled);

sys/security/mac_none/mac_none.c

@@ -77,7 +77,7 @@ SYSCTL_DECL(_security_mac);
 SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
     "TrustedBSD mac_none policy controls");
 
-static int	mac_none_enabled = 0;
+static int	mac_none_enabled = 1;
 SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_none_enabled, 0, "Enforce none policy");
 

sys/security/mac_seeotheruids/mac_seeotheruids.c

@@ -70,7 +70,7 @@ SYSCTL_DECL(_security_mac);
 SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids, CTLFLAG_RW, 0,
     "TrustedBSD mac_seeotheruids policy controls");
 
-static int	mac_seeotheruids_enabled = 0;
+static int	mac_seeotheruids_enabled = 1;
 SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_seeotheruids_enabled, 0, "Enforce seeotheruids policy");
 

sys/security/mac_stub/mac_stub.c

@@ -77,7 +77,7 @@ SYSCTL_DECL(_security_mac);
 SYSCTL_NODE(_security_mac, OID_AUTO, none, CTLFLAG_RW, 0,
     "TrustedBSD mac_none policy controls");
 
-static int	mac_none_enabled = 0;
+static int	mac_none_enabled = 1;
 SYSCTL_INT(_security_mac_none, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_none_enabled, 0, "Enforce none policy");
 

sys/security/mac_test/mac_test.c

@@ -73,7 +73,7 @@ SYSCTL_DECL(_security_mac);
 SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
     "TrustedBSD mac_test policy controls");
 
-static int	mac_test_enabled = 0;
+static int	mac_test_enabled = 1;
 SYSCTL_INT(_security_mac_test, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_test_enabled, 0, "Enforce test policy");