Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 24 Oct 2002 11:42:51 -0700 (PDT)
From:      Brian Feldman <green@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 20064 for review
Message-ID:  <200210241842.g9OIgpMJ019736@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=20064

Change 20064 by green@green_laptop_2 on 2002/10/24 11:42:34

	Change default MAC VM permissions to:
	
	security.mac.enforce_vm: 1
	security.mac.mmap_revocation: 0
	security.mac.mmap_revocation_via_cow: 1

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#327 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#327 (text+ko) ====

@@ -142,7 +142,7 @@
     &mac_enforce_sysctl, 0, "Enforce MAC policy on sysctl operations");
 TUNABLE_INT("security.mac.enforce_sysctl", &mac_enforce_sysctl);
 
-static int	mac_enforce_vm = 0;
+static int	mac_enforce_vm = 1;
 SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
     &mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
 TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm);
@@ -157,7 +157,7 @@
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW,
     &mac_mmap_revocation, 0, "Revoke mmap access to files on subject "
     "relabel");
-static int	mac_mmap_revocation_via_cow = 0;
+static int	mac_mmap_revocation_via_cow = 1;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210241842.g9OIgpMJ019736>