diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-04-14 21:45:12 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-04-14 21:45:12 +0000 |
| commit | 301ae6309656cb89a587a672d3b99cfbe675b5a3 (patch) | |
| tree | 4d838c72c607827546888c3b0cbef020dc1b89ad | |
| parent | 53a050aac3fa734d90417e05216e4a2bdaa259e4 (diff) | |
| download | FreeBSD-src-301ae6309656cb89a587a672d3b99cfbe675b5a3.zip FreeBSD-src-301ae6309656cb89a587a672d3b99cfbe675b5a3.tar.gz | |
Add MAC_ALWAYS_LABEL_MBUF to options; this permits the administrator
to force the allocation of MAC labels for all mbufs regardless of
whether a configured policy requires labeling when the mbuf is
allocated. This can be useful it you anticipate loading a fully
labeled policy after boot and don't want mbufs to exist without
label storage, for performance measurement purposes, etc. It also
slightly lowers the overhead of m_tag labeling due to removing the
decision logic.
While here, improve commenting of other MAC options.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
| -rw-r--r-- | sys/conf/options | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/conf/options b/sys/conf/options index 996c706..8fefa39 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -152,8 +152,14 @@ P1003_1B_SEMAPHORES opt_posix.h ##################################################################### # SECURITY POLICY PARAMETERS -# Support for Mandatory Access Control (MAC) +# Support for Mandatory Access Control (MAC), extensible kernel +# access control framework. MAC + +# Options for MAC framework behavior and performance +MAC_ALWAYS_LABEL_MBUF opt_mac.h + +# MAC policy modules that can be linked into the kernel MAC_BIBA opt_dontuse.h MAC_BSDEXTENDED opt_dontuse.h MAC_DEBUG opt_mac.h |
