Date: Sat, 31 Dec 2005 05:06:59 +0000 (UTC) From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/security/mac_biba mac_biba.c Message-ID: <200512310506.jBV56xx7024698@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
csjp 2005-12-31 05:06:59 UTC
FreeBSD src repository
Modified files:
sys/security/mac_biba mac_biba.c
Log:
Introduce a new sysctl variable:
security.mac.biba.interfaces_equal
If non-zero, all network interfaces be created with the label:
biba/equal(equal-equal)
This is useful where programs which initialize network interfaces
do not have any labeling support. This includes dhclient and ppp. A
long term solution is to add labeling support into dhclient(8)
and ppp(8), and remove this variable.
It should be noted that this behavior is different then setting the:
security.mac.biba.trust_all_interfaces
sysctl variable, as this will create interfaces with a biba/high label.
Lower integrity processes are not able to write to the interface in this
event. The security.mac.biba.interfaces_equal will override
trust_all_interfaces.
The security.mac.biba.interfaces_equal variable will be set to zero
or disabled by default.
MFC after: 2 weeks
Revision Changes Path
1.91 +6 -1 src/sys/security/mac_biba/mac_biba.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512310506.jBV56xx7024698>