authorGlen Barber <gjb@FreeBSD.org>2014-06-27 22:05:21 +0000
committerGlen Barber <gjb@FreeBSD.org>2014-06-27 22:05:21 +0000
commit37a107a407cdb47ee0f4c4337e369e9973b34076 (patch)
treefce5301b062a855bc68b9cb76c6b5966c5a2acbe /sys/security/mac_biba/mac_biba.c
parentd2f1b8f4d2975ca1ec3e7519f9d755af40f357e0 (diff)
Revert r267961, r267973:
These changes prevent sysctl(8) from returning proper output. Symptoms include: 1) no output from sysctl(8); 2) erroneously returning ENOMEM with tools like truss(1) or uname(1), for example "truss: can not get etype: Cannot allocate memory".
Notes
Notes: svn path=/head/; revision=267985
Diffstat (limited to 'sys/security/mac_biba/mac_biba.c')
-rw-r--r--sys/security/mac_biba/mac_biba.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index b5bf8c32dbef..375b8a3eb795 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -100,36 +100,43 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD,
&biba_label_size, 0, "Size of struct mac_biba");
static int biba_enabled = 1;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RWTUN, &biba_enabled,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, &biba_enabled,
0, "Enforce MAC/Biba policy");
+TUNABLE_INT("security.mac.biba.enabled", &biba_enabled);
static int destroyed_not_inited;
SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
&destroyed_not_inited, 0, "Count of labels destroyed but not inited");
static int trust_all_interfaces = 0;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RDTUN,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD,
&trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba");
+TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
static char trusted_interfaces[128];
-SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RDTUN,
+SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
+TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
+ sizeof(trusted_interfaces));
static int max_compartments = MAC_BIBA_MAX_COMPARTMENTS;
SYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD,
&max_compartments, 0, "Maximum supported compartments");
static int ptys_equal = 0;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RWTUN, &ptys_equal,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal,
0, "Label pty devices as biba/equal on create");
+TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal);
static int interfaces_equal = 1;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RWTUN,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW,
&interfaces_equal, 0, "Label network interfaces as biba/equal on create");
+TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);
static int revocation_enabled = 0;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RWTUN,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
&revocation_enabled, 0, "Revoke access to objects on relabel");
+TUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled);
static int biba_slot;
#define SLOT(l) ((struct mac_biba *)mac_label_get((l), biba_slot))
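Review bot: The writable enforcement knobs declared in this hunk (`enabled`, `ptys_equal`, `interfaces_equal`, `revocation_enabled`) have no comment saying who is expected to change them, although each is `CTLFLAG_RW` at run time and is also seeded from the loader environment by the added `TUNABLE_INT` lines. A comment above `biba_enabled` such as `/* Set at boot via loader tunable or at run time via sysctl; per its description, 0 stops Biba enforcement. */` would make explicit that the policy trusts both loader.conf and anyone allowed to write these sysctls. Each tunable name is now a hand-written string that has to match the sysctl node it shadows, and a mismatch would presumably be ignored silently at boot, so the same comment should say the two must be kept in sync. Separately, the `TUNABLE_STR` for `trusted_interfaces` is bounded by `sizeof(trusted_interfaces)` (128 bytes), so a longer list is presumably truncated without a diagnostic and the cut could land mid-name; a note stating the limit next to the buffer would help.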