571e4e6285
security.mac.biba.interfaces_equal If non-zero, all network interfaces be created with the label: biba/equal(equal-equal) This is useful where programs which initialize network interfaces do not have any labeling support. This includes dhclient and ppp. A long term solution is to add labeling support into dhclient(8) and ppp(8), and remove this variable. It should be noted that this behavior is different then setting the: security.mac.biba.trust_all_interfaces sysctl variable, as this will create interfaces with a biba/high label. Lower integrity processes are not able to write to the interface in this event. The security.mac.biba.interfaces_equal will override trust_all_interfaces. The security.mac.biba.interfaces_equal variable will be set to zero or disabled by default. MFC after: 2 weeks |
||
|---|---|---|
| .. | ||
| mac | ||
| mac_biba | ||
| mac_bsdextended | ||
| mac_ifoff | ||
| mac_lomac | ||
| mac_mls | ||
| mac_none | ||
| mac_partition | ||
| mac_portacl | ||
| mac_seeotheruids | ||
| mac_stub | ||
| mac_test | ||