d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add MAC_ALWAYS_LABEL_MBUF to options; this permits the administrator

Browse Source 
to force the allocation of MAC labels for all mbufs regardless of
whether a configured policy requires labeling when the mbuf is
allocated.  This can be useful it you anticipate loading a fully
labeled policy after boot and don't want mbufs to exist without
label storage, for performance measurement purposes, etc.  It also
slightly lowers the overhead of m_tag labeling due to removing the
decision logic.

While here, improve commenting of other MAC options.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
rwatson 2003-04-14 21:45:12 +00:00
parent 53a050aac3
commit 301ae63096
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/conf/options
View File

@ -152,8 +152,14 @@ P1003_1B_SEMAPHORES opt_posix.h
#####################################################################
# SECURITY POLICY PARAMETERS
# Support for Mandatory Access Control (MAC)
# Support for Mandatory Access Control (MAC), extensible kernel
# access control framework.
MAC
# Options for MAC framework behavior and performance
MAC_ALWAYS_LABEL_MBUF opt_mac.h
# MAC policy modules that can be linked into the kernel
MAC_BIBA opt_dontuse.h
MAC_BSDEXTENDED opt_dontuse.h
MAC_DEBUG opt_mac.h