aboutsummaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorRobert Watson <rwatson@FreeBSD.org>2002-08-15 02:28:32 +0000
committerRobert Watson <rwatson@FreeBSD.org>2002-08-15 02:28:32 +0000
commit99fa64f8633ceccf45f5796608c9c90933129d81 (patch)
tree5e81b494922fb76ad7d9d18a5bebced641a20ecf /sys
parentb618bb96f0b0f8739ae7638c5434aaebcc64afcb (diff)
downloadsrc-99fa64f8633ceccf45f5796608c9c90933129d81.tar.gz
src-99fa64f8633ceccf45f5796608c9c90933129d81.zip
Sync to trustedbsd_mac tree: default to sigsegv rather than copy-on-write
during a label change resulting in an mmap removal. This is "fail stop" behavior, which is preferred, although it offers slightly less transparency. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Notes
Notes: svn path=/head/; revision=101892
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_mac.c2
-rw-r--r--sys/security/mac/mac_framework.c2
-rw-r--r--sys/security/mac/mac_internal.h2
-rw-r--r--sys/security/mac/mac_net.c2
-rw-r--r--sys/security/mac/mac_pipe.c2
-rw-r--r--sys/security/mac/mac_process.c2
-rw-r--r--sys/security/mac/mac_syscalls.c2
-rw-r--r--sys/security/mac/mac_system.c2
-rw-r--r--sys/security/mac/mac_vfs.c2
9 files changed, 9 insertions, 9 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 547647caa7bf..23c6a7c0eeab 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
static int mac_vnode_label_cache_misses = 0;
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int mac_mmap_revocation_via_cow = 1;
+static int mac_mmap_revocation_via_cow = 0;
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
"copy-on-write semantics, or by removing all write access");
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-21 05:31:34 +0000