o Add a configSecurity menu to generally configure security settings,

  and pull configSecurityProfile under that menu.  Add a menu option
  to determine whether LOMAC is enabled at boot.  Probably, eventually,
  many of the 'Security Profile' menu choices should be pulled out
  independently into the Security Menu, so as to make them individually
  selectable.

Sponsored by:	DARPA, NAI Labs

6 files changed, 62 insertions, 6 deletions

diff --git a/usr.sbin/sade/config.c b/usr.sbin/sade/config.c
index d12cd91efa40..cf68adb83405 100644
--- a/usr.sbin/sade/config.c
+++ b/usr.sbin/sade/config.c
@@ -480,6 +480,17 @@ configLinux(dialogMenuItem *self)
 }
 
 int
+configSecurity(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    dialog_clear_norefresh();
+    dmenuOpenSimple(&MenuSecurity, FALSE);
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
+int
 configSecurityProfile(dialogMenuItem *self)
 {
     WINDOW *w = savescr();
diff --git a/usr.sbin/sade/menus.c b/usr.sbin/sade/menus.c
index 88f065c11b20..3e1878907942 100644
--- a/usr.sbin/sade/menus.c
+++ b/usr.sbin/sade/menus.c
@@ -261,7 +261,7 @@ DMenu MenuIndex = {
       { " PCNFSD",		"Run authentication server for PC-NFS.", dmenuVarCheck, configPCNFSD, NULL, "pcnfsd" },
       { " Root Password",	"Set the system manager's password.",   NULL, dmenuSystemCommand, NULL, "passwd root" },
       { " Router",		"Select routing daemon (default: routed)", NULL, configRouter, NULL, "router_enable" },
-      { " Security",		"Select a default system security profile.", NULL, dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",		"Configure system security options", NULL, dmenuSubmenu, NULL, &MenuSecurity },
       { " Syscons",		"The system console configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSyscons },
       { " Syscons, Font",	"The console screen font.",	  NULL, dmenuSubmenu, NULL, &MenuSysconsFont },
       { " Syscons, Keymap",	"The console keymap configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSysconsKeymap },
@@ -1259,8 +1259,8 @@ DMenu MenuConfigure = {
 	NULL,	dmenuSubmenu, NULL, &MenuMouse, NULL },
       { " Networking",	"Configure additional network services",
 	NULL,	dmenuSubmenu, NULL, &MenuNetworking },
-      { " Security",	"Select default system security profile",
-	NULL,	dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",	"Configure system security options",
+	NULL,	dmenuSubmenu, NULL, &MenuSecurity },
       { " Startup",	"Configure system startup options",
 	NULL,	dmenuSubmenu, NULL, &MenuStartup },
       { " TTYs",	"Configure system ttys.",
@@ -2079,6 +2079,22 @@ DMenu MenuUsermgmt = {
       { NULL } },
 };
 
+DMenu MenuSecurity = {
+    DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
+    "System Security Options Menu",
+    "This menu allows you to configure aspects of the operating systme\n"
+    "policy.\n",
+    "Configure system security options",
+    NULL,
+    { { "X Exit",      "Exit this menu (returning to previous)",
+	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+      { " Security Profile",   "Select a security profile for the system",
+	NULL, configSecurityProfile },
+      { " LOMAC",         "Use Low Watermark Mandatory Access Control at boot",
+	dmenuVarCheck,  dmenuToggleVariable, NULL, "lomac_enable=YES" },
+      { NULL } },
+};
+
 DMenu MenuSecurityProfile = {
     DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
     "Default system security profile",
diff --git a/usr.sbin/sade/sade.h b/usr.sbin/sade/sade.h
index ed124a3f2f64..7ee69c158a73 100644
--- a/usr.sbin/sade/sade.h
+++ b/usr.sbin/sade/sade.h
@@ -384,6 +384,7 @@ extern DMenu		MenuMediaFTP;		/* FTP media menu				*/
 extern DMenu		MenuMediaTape;		/* Tape media menu				*/
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
+extern DMenu		MenuSecurity;		/* System security options menu			*/
 extern DMenu		MenuSecurityProfile;	/* Security profile menu			*/
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/
diff --git a/usr.sbin/sysinstall/config.c b/usr.sbin/sysinstall/config.c
index d12cd91efa40..cf68adb83405 100644
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@@ -480,6 +480,17 @@ configLinux(dialogMenuItem *self)
 }
 
 int
+configSecurity(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    dialog_clear_norefresh();
+    dmenuOpenSimple(&MenuSecurity, FALSE);
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
+int
 configSecurityProfile(dialogMenuItem *self)
 {
     WINDOW *w = savescr();
diff --git a/usr.sbin/sysinstall/menus.c b/usr.sbin/sysinstall/menus.c
index 88f065c11b20..3e1878907942 100644
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@@ -261,7 +261,7 @@ DMenu MenuIndex = {
       { " PCNFSD",		"Run authentication server for PC-NFS.", dmenuVarCheck, configPCNFSD, NULL, "pcnfsd" },
       { " Root Password",	"Set the system manager's password.",   NULL, dmenuSystemCommand, NULL, "passwd root" },
       { " Router",		"Select routing daemon (default: routed)", NULL, configRouter, NULL, "router_enable" },
-      { " Security",		"Select a default system security profile.", NULL, dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",		"Configure system security options", NULL, dmenuSubmenu, NULL, &MenuSecurity },
       { " Syscons",		"The system console configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSyscons },
       { " Syscons, Font",	"The console screen font.",	  NULL, dmenuSubmenu, NULL, &MenuSysconsFont },
       { " Syscons, Keymap",	"The console keymap configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSysconsKeymap },
@@ -1259,8 +1259,8 @@ DMenu MenuConfigure = {
 	NULL,	dmenuSubmenu, NULL, &MenuMouse, NULL },
       { " Networking",	"Configure additional network services",
 	NULL,	dmenuSubmenu, NULL, &MenuNetworking },
-      { " Security",	"Select default system security profile",
-	NULL,	dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",	"Configure system security options",
+	NULL,	dmenuSubmenu, NULL, &MenuSecurity },
       { " Startup",	"Configure system startup options",
 	NULL,	dmenuSubmenu, NULL, &MenuStartup },
       { " TTYs",	"Configure system ttys.",
@@ -2079,6 +2079,22 @@ DMenu MenuUsermgmt = {
       { NULL } },
 };
 
+DMenu MenuSecurity = {
+    DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
+    "System Security Options Menu",
+    "This menu allows you to configure aspects of the operating systme\n"
+    "policy.\n",
+    "Configure system security options",
+    NULL,
+    { { "X Exit",      "Exit this menu (returning to previous)",
+	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+      { " Security Profile",   "Select a security profile for the system",
+	NULL, configSecurityProfile },
+      { " LOMAC",         "Use Low Watermark Mandatory Access Control at boot",
+	dmenuVarCheck,  dmenuToggleVariable, NULL, "lomac_enable=YES" },
+      { NULL } },
+};
+
 DMenu MenuSecurityProfile = {
     DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
     "Default system security profile",
diff --git a/usr.sbin/sysinstall/sysinstall.h b/usr.sbin/sysinstall/sysinstall.h
index ed124a3f2f64..7ee69c158a73 100644
--- a/usr.sbin/sysinstall/sysinstall.h
+++ b/usr.sbin/sysinstall/sysinstall.h
@@ -384,6 +384,7 @@ extern DMenu		MenuMediaFTP;		/* FTP media menu				*/
 extern DMenu		MenuMediaTape;		/* Tape media menu				*/
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
+extern DMenu		MenuSecurity;		/* System security options menu			*/
 extern DMenu		MenuSecurityProfile;	/* Security profile menu			*/
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/