freebsd-nq/sys/security/mac_biba
Christian S.J. Peron 571e4e6285 Introduce a new sysctl variable:
security.mac.biba.interfaces_equal

If non-zero, all network interfaces be created with the label:

biba/equal(equal-equal)

This is useful where programs which initialize network interfaces
do not have any labeling support. This includes dhclient and ppp. A
long term solution is to add labeling support into dhclient(8)
and ppp(8), and remove this variable.

It should be noted that this behavior is different then setting the:

security.mac.biba.trust_all_interfaces

sysctl variable, as this will create interfaces with a biba/high label.
Lower integrity processes are not able to write to the interface in this
event. The security.mac.biba.interfaces_equal will override
trust_all_interfaces.

The security.mac.biba.interfaces_equal variable will be set to zero
or disabled by default.

MFC after:	2 weeks
2005-12-31 05:06:59 +00:00
..
mac_biba.c Introduce a new sysctl variable: 2005-12-31 05:06:59 +00:00
mac_biba.h Rename Biba and MLS _single label elements to _effective, which more 2004-07-16 02:03:50 +00:00