- Move _jail sysctl node underneath _kern_security in order to standardize

where our security related sysctl tuneables are located. Also, this will help if/when we move _security node out from under _kern as to help make _kern less cluttered. Approved by: rwatson Review by: rwatson
2001-12-12 05:23:20 +00:00 · 2001-12-12 05:23:20 +00:00 · 83aee5a8d5
commit 83aee5a8d5
parent 9ff712b0f5
1 changed files with 5 additions and 4 deletions
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@ -28,23 +28,24 @@

 MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");

-SYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0,
+SYSCTL_DECL(_kern_security);
+SYSCTL_NODE(_kern_security, OID_AUTO, jail, CTLFLAG_RW, 0,
    "Jail rules");

 mp_fixme("these variables need a lock")

 int	jail_set_hostname_allowed = 1;
-SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
+SYSCTL_INT(_kern_security_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
    &jail_set_hostname_allowed, 0,
    "Processes in jail can set their hostnames");

 int	jail_socket_unixiproute_only = 1;
-SYSCTL_INT(_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
+SYSCTL_INT(_kern_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
    &jail_socket_unixiproute_only, 0,
    "Processes in jail are limited to creating UNIX/IPv4/route sockets only");

 int	jail_sysvipc_allowed = 0;
-SYSCTL_INT(_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
+SYSCTL_INT(_kern_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
    &jail_sysvipc_allowed, 0,
    "Processes in jail can use System V IPC primitives");