diff options
| author | Andrew R. Reiter <arr@FreeBSD.org> | 2001-12-12 05:23:20 +0000 |
|---|---|---|
| committer | Andrew R. Reiter <arr@FreeBSD.org> | 2001-12-12 05:23:20 +0000 |
| commit | 83aee5a8d53685acf6d0b346e7ba9b22fa44f0e2 (patch) | |
| tree | 3b4fb2fa48cd8ffdc163ac0ef4db7f59ab1c46a1 /sys | |
| parent | 9ff712b0f5e27b68efdb47d863ab7ef8ee243a5b (diff) | |
| download | src-83aee5a8d53685acf6d0b346e7ba9b22fa44f0e2.tar.gz src-83aee5a8d53685acf6d0b346e7ba9b22fa44f0e2.zip | |
- Move _jail sysctl node underneath _kern_security in order to standardize
where our security related sysctl tuneables are located. Also, this
will help if/when we move _security node out from under _kern as to help
make _kern less cluttered.
Approved by: rwatson
Review by: rwatson
Notes
Notes:
svn path=/head/; revision=87716
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/kern_jail.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 47849894d2ae..01ddc1e65e16 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -28,23 +28,24 @@ MALLOC_DEFINE(M_PRISON, "prison", "Prison structures"); -SYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0, +SYSCTL_DECL(_kern_security); +SYSCTL_NODE(_kern_security, OID_AUTO, jail, CTLFLAG_RW, 0, "Jail rules"); mp_fixme("these variables need a lock") int jail_set_hostname_allowed = 1; -SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW, +SYSCTL_INT(_kern_security_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW, &jail_set_hostname_allowed, 0, "Processes in jail can set their hostnames"); int jail_socket_unixiproute_only = 1; -SYSCTL_INT(_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW, +SYSCTL_INT(_kern_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW, &jail_socket_unixiproute_only, 0, "Processes in jail are limited to creating UNIX/IPv4/route sockets only"); int jail_sysvipc_allowed = 0; -SYSCTL_INT(_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW, +SYSCTL_INT(_kern_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW, &jail_sysvipc_allowed, 0, "Processes in jail can use System V IPC primitives"); |