diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2009-06-02 18:31:08 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2009-06-02 18:31:08 +0000 |
| commit | bd875f5f13b7874fc451fd1295730f577bcbc2bd (patch) | |
| tree | c54525a6e0aff1a518bfb0388e7af117d0d32e4b /sys/ia64/conf | |
| parent | 923f9901b4a70015b5218ed0121f542da1002618 (diff) | |
| download | src-bd875f5f13b7874fc451fd1295730f577bcbc2bd.tar.gz src-bd875f5f13b7874fc451fd1295730f577bcbc2bd.zip | |
Remove MAC kernel config files and add "options MAC" to GENERIC, with the
goal of shipping 8.0 with MAC support in the default kernel. No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.
While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.
Approved by: re (kensmith)
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=193334
Diffstat (limited to 'sys/ia64/conf')
| -rw-r--r-- | sys/ia64/conf/GENERIC | 1 | ||||
| -rw-r--r-- | sys/ia64/conf/MAC | 28 |
2 files changed, 1 insertions, 28 deletions
diff --git a/sys/ia64/conf/GENERIC b/sys/ia64/conf/GENERIC index ab471f78f348..83d1f60619c0 100644 --- a/sys/ia64/conf/GENERIC +++ b/sys/ia64/conf/GENERIC @@ -40,6 +40,7 @@ options INVARIANTS # Enable calls of extra sanity checking options INVARIANT_SUPPORT # required by INVARIANTS options KDB # Enable kernel debugger support options KTRACE # ktrace(1) syscall trace support +options MAC # TrustedBSD MAC Framework options MD_ROOT # MD usable as root device options MSDOSFS # MSDOS Filesystem options NFSCLIENT # Network Filesystem Client diff --git a/sys/ia64/conf/MAC b/sys/ia64/conf/MAC deleted file mode 100644 index a4acaeba9288..000000000000 --- a/sys/ia64/conf/MAC +++ /dev/null @@ -1,28 +0,0 @@ -# MAC -- Generic kernel configuration file for FreeBSD/ia64 MAC -# -# The Mandatory Access Control, or MAC, framework allows administrators to -# finely control system security by providing for a loadable security pol- -# icy architecture. -# -# For more information see: -# -# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mac.html -# -# $FreeBSD$ - -include GENERIC -ident MAC - -options MAC - -#options MAC_BIBA # BIBA data integrity policy -#options MAC_BSDEXTENDED # File system firewall policy -#options MAC_IFOFF # Network interface silencing policy -#options MAC_LOMAC # Low-watermark data integrity policy -#options MAC_MLS # Multi-level confidentiality policy -#options MAC_NONE # NULL policy -#options MAC_PARTITION # Process partition policy -#options MAC_PORTACL # Network port access control policy -#options MAC_SEEOTHERUIDS # UID visibility policy -#options MAC_STUB # Stub policy -#options MAC_TEST # Testing policy for the MAC framework |