Date: Tue, 7 Jan 2003 05:28:25 -0800 (PST) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 23337 for review Message-ID: <200301071328.h07DSPvb065216@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=23337 Change 23337 by green@green_laptop_2 on 2003/01/07 05:28:08 Add a tunable (os-dependent, that is) to avc/avc.c which allows you to enable enforcement mode from the boot loader. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#13 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/avc/avc.c#13 (text+ko) ==== @@ -235,6 +235,11 @@ if (!avc_audit_buffer) panic("AVC: unable to allocate audit buffer\n"); mtx_init(&avc_lock, "SEBSD AVC", NULL, MTX_DEF); + /* The fetch may or may not occur; if not, it doesn't change int *. */ + avc_debug_always_allow = !avc_debug_always_allow; + TUNABLE_INT_FETCH("security.mac.sebsd.enforcing", + &avc_debug_always_allow); + avc_debug_always_allow = !avc_debug_always_allow; } /* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301071328.h07DSPvb065216>