1 files changed, 13 insertions, 6 deletions

diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index b5bf8c32dbef..375b8a3eb795 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -100,36 +100,43 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO, label_size, CTLFLAG_RD,
     &biba_label_size, 0, "Size of struct mac_biba");
 
 static int	biba_enabled = 1;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RWTUN, &biba_enabled,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, enabled, CTLFLAG_RW, &biba_enabled,
     0, "Enforce MAC/Biba policy");
+TUNABLE_INT("security.mac.biba.enabled", &biba_enabled);
 
 static int	destroyed_not_inited;
 SYSCTL_INT(_security_mac_biba, OID_AUTO, destroyed_not_inited, CTLFLAG_RD,
     &destroyed_not_inited, 0, "Count of labels destroyed but not inited");
 
 static int	trust_all_interfaces = 0;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RDTUN,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, trust_all_interfaces, CTLFLAG_RD,
     &trust_all_interfaces, 0, "Consider all interfaces 'trusted' by MAC/Biba");
+TUNABLE_INT("security.mac.biba.trust_all_interfaces", &trust_all_interfaces);
 
 static char	trusted_interfaces[128];
-SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RDTUN,
+SYSCTL_STRING(_security_mac_biba, OID_AUTO, trusted_interfaces, CTLFLAG_RD,
     trusted_interfaces, 0, "Interfaces considered 'trusted' by MAC/Biba");
+TUNABLE_STR("security.mac.biba.trusted_interfaces", trusted_interfaces,
+    sizeof(trusted_interfaces));
 
 static int	max_compartments = MAC_BIBA_MAX_COMPARTMENTS;
 SYSCTL_INT(_security_mac_biba, OID_AUTO, max_compartments, CTLFLAG_RD,
     &max_compartments, 0, "Maximum supported compartments");
 
 static int	ptys_equal = 0;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RWTUN, &ptys_equal,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal,
     0, "Label pty devices as biba/equal on create");
+TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal);
 
 static int	interfaces_equal = 1;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RWTUN,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW,
     &interfaces_equal, 0, "Label network interfaces as biba/equal on create");
+TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);
 
 static int	revocation_enabled = 0;
-SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RWTUN,
+SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
     &revocation_enabled, 0, "Revoke access to objects on relabel");
+TUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled);
 
 static int	biba_slot;
 #define	SLOT(l)	((struct mac_biba *)mac_label_get((l), biba_slot))