Date: Mon, 16 Sep 2002 10:02:08 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 17578 for review Message-ID: <200209161702.g8GH28rW083336@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17578 Change 17578 by rwatson@rwatson_tislabs on 2002/09/16 10:02:02 Add an 'enforce_vm' flag that disables mmap protection stuff. Enabled by default (same as existing code). Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#262 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#262 (text+ko) ==== @@ -146,6 +146,10 @@ SYSCTL_INT(_security_mac, OID_AUTO, enforce_pipe, CTLFLAG_RW, &mac_enforce_pipe, 0, "Enforce MAC policy on pipe operations"); +static int mac_enforce_vm = 1; +SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW, + &mac_enforce_vm, 0, "Enforce MAC policy on vm operations"); + static int mac_label_size = sizeof(struct mac); SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD, &mac_label_size, 0, "Pre-compiled MAC label size"); @@ -1825,6 +1829,9 @@ { vm_prot_t result = VM_PROT_ALL; + if (!mac_enforce_vm) + return (result); + /* * This should be some sort of MAC_BITWISE, maybe :) */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209161702.g8GH28rW083336>