diff options
author | Robert Watson <rwatson@FreeBSD.org> | 2002-08-15 02:28:32 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2002-08-15 02:28:32 +0000 |
commit | 99fa64f8633ceccf45f5796608c9c90933129d81 (patch) | |
tree | 5e81b494922fb76ad7d9d18a5bebced641a20ecf /sys | |
parent | b618bb96f0b0f8739ae7638c5434aaebcc64afcb (diff) | |
download | src-99fa64f8633ceccf45f5796608c9c90933129d81.tar.gz src-99fa64f8633ceccf45f5796608c9c90933129d81.zip |
Sync to trustedbsd_mac tree: default to sigsegv rather than copy-on-write
during a label change resulting in an mmap removal. This is "fail stop"
behavior, which is preferred, although it offers slightly less
transparency.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Notes
Notes:
svn path=/head/; revision=101892
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/kern_mac.c | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_framework.c | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_internal.h | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_net.c | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_pipe.c | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_process.c | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_syscalls.c | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_system.c | 2 | ||||
-rw-r--r-- | sys/security/mac/mac_vfs.c | 2 |
9 files changed, 9 insertions, 9 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/kern/kern_mac.c +++ b/sys/kern/kern_mac.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 547647caa7bf..23c6a7c0eeab 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD, static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation_via_cow = 1; +static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " "copy-on-write semantics, or by removing all write access"); |