d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MFC the security.mac.biba.interfaces_equal sysctl variable

Browse Source
This commit is contained in:
csjp 2006-01-24 04:10:25 +00:00
parent 59c3c1b282
commit ad39fedd90
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/security/mac_biba/mac_biba.c
View File

@ -124,6 +124,11 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW,
&ptys_equal, 0, "Label pty devices as biba/equal on create"); &ptys_equal, 0, "Label pty devices as biba/equal on create");
TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal);
static int interfaces_equal;
SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW,
&interfaces_equal, 0, "Label network interfaces as biba/equal on create");
TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);
static int revocation_enabled = 0; static int revocation_enabled = 0;
SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW, SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
&revocation_enabled, 0, "Revoke access to objects on relabel"); &revocation_enabled, 0, "Revoke access to objects on relabel");
@ -1176,7 +1181,7 @@ mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
dest = SLOT(ifnetlabel); dest = SLOT(ifnetlabel);
if (ifnet->if_type == IFT_LOOP) { if (ifnet->if_type == IFT_LOOP || interfaces_equal != 0) {
type = MAC_BIBA_TYPE_EQUAL; type = MAC_BIBA_TYPE_EQUAL;
goto set; goto set;
} }