- Attempt to help declutter kern. sysctl by moving security out from

  beneath it.

Reviewed by: rwatson

8 files changed, 30 insertions, 29 deletions

diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index ec2e054..3790c6d 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -136,7 +136,7 @@ For a detailed description of these variable see
 .Pp
 The changeable column indicates whether a process with appropriate
 privilege can change the value.
-.Bl -column kern.security.bsd.unprivileged_read_msgbuf integerxxx
+.Bl -column security.bsd.unprivileged_read_msgbuf integerxxx
 .It Sy "Name	Type	Changeable
 .It "kern.ostype	string	no
 .It "kern.osrelease	string	no
@@ -165,10 +165,10 @@ privilege can change the value.
 .It "kern.bootfile	string	yes
 .It "kern.corefile	string	yes
 .It "kern.logsigexit	integer	yes
-.It "kern.security.bsd.suser_enabled	integer	yes
-.It "kern.security.bsd.see_other_uids	integer	yes
-.It "kern.security.bsd.unprivileged_proc_debug	integer	yes
-.It "kern.security.bsd.unprivileged_read_msgbuf	integer	yes
+.It "security.bsd.suser_enabled	integer	yes
+.It "security.bsd.see_other_uids	integer	yes
+.It "security.bsd.unprivileged_proc_debug	integer	yes
+.It "security.bsd.unprivileged_read_msgbuf	integer	yes
 .It "vm.loadavg	struct	no
 .It "hw.machine	string	no
 .It "hw.model	string	no
diff --git a/share/doc/papers/jail/mgt.ms b/share/doc/papers/jail/mgt.ms
index 524dae0..e2835d7 100644
--- a/share/doc/papers/jail/mgt.ms
+++ b/share/doc/papers/jail/mgt.ms
@@ -193,7 +193,7 @@ jails to set the hostname of the jail, which makes the status file less
 useful from a management perspective if the contents of the jail are
 malicious.
 To prevent a jail from changing its hostname, the
-"kern.security.jail.set_hostname_allowed" sysctl may be set to 0 prior to 
+"security.jail.set_hostname_allowed" sysctl may be set to 0 prior to 
 starting any jails.
 .PP
 One aspect immediately observable in an environment with multiple jails
diff --git a/sys/kern/kern_cap.c b/sys/kern/kern_cap.c
index c9be68d..caa1f1a 100644
--- a/sys/kern/kern_cap.c
+++ b/sys/kern/kern_cap.c
@@ -61,9 +61,9 @@
 
 static int	capabilities_enabled = 0;
 
-SYSCTL_NODE(_kern_security, OID_AUTO, capabilities, CTLFLAG_RW, 0,
+SYSCTL_NODE(_security, OID_AUTO, capabilities, CTLFLAG_RW, 0,
     "POSIX.1e Capabilities");
-SYSCTL_INT(_kern_security_capabilities, OID_AUTO, enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_capabilities, OID_AUTO, enabled, CTLFLAG_RW,
     &capabilities_enabled, 0, "POSIX.1e Capabilities enabled");
 #endif
 
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 01ddc1e..0ae8d3f 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -28,24 +28,24 @@
 
 MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
 
-SYSCTL_DECL(_kern_security);
-SYSCTL_NODE(_kern_security, OID_AUTO, jail, CTLFLAG_RW, 0,
+SYSCTL_DECL(_security);
+SYSCTL_NODE(_security, OID_AUTO, jail, CTLFLAG_RW, 0,
     "Jail rules");
 
 mp_fixme("these variables need a lock")
 
 int	jail_set_hostname_allowed = 1;
-SYSCTL_INT(_kern_security_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
+SYSCTL_INT(_security_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
     &jail_set_hostname_allowed, 0,
     "Processes in jail can set their hostnames");
 
 int	jail_socket_unixiproute_only = 1;
-SYSCTL_INT(_kern_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
+SYSCTL_INT(_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
     &jail_socket_unixiproute_only, 0,
     "Processes in jail are limited to creating UNIX/IPv4/route sockets only");
 
 int	jail_sysvipc_allowed = 0;
-SYSCTL_INT(_kern_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
+SYSCTL_INT(_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
     &jail_sysvipc_allowed, 0,
     "Processes in jail can use System V IPC primitives");
 
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index a83b5df..c5ac747 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -77,6 +77,8 @@ SYSCTL_NODE(, CTL_P1003_1B,  p1003_1b,   CTLFLAG_RW, 0,
 
 SYSCTL_NODE(, OID_AUTO,  compat, CTLFLAG_RW, 0,
 	"Compatibility code");
+SYSCTL_NODE(, OID_AUTO, security, CTLFLAG_RW, 0, 
+     	"Security");
 #ifdef REGRESSION
 SYSCTL_NODE(, OID_AUTO, regression, CTLFLAG_RW, 0,
      "Regression test MIB");
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 6164a44..4214cc1 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -63,9 +63,8 @@
 
 static MALLOC_DEFINE(M_CRED, "cred", "credentials");
 
-SYSCTL_NODE(_kern, OID_AUTO, security, CTLFLAG_RW, 0,
-    "Kernel security policy");
-SYSCTL_NODE(_kern_security, OID_AUTO, bsd, CTLFLAG_RW, 0,
+SYSCTL_DECL(_security);
+SYSCTL_NODE(_security, OID_AUTO, bsd, CTLFLAG_RW, 0,
     "BSD security policy");
 
 #ifndef _SYS_SYSPROTO_H_
@@ -1190,7 +1189,7 @@ groupmember(gid, cred)
 }
 
 /*
- * `suser_enabled' (which can be set by the kern.security.suser_enabled
+ * `suser_enabled' (which can be set by the security.suser_enabled
  * sysctl) determines whether the system 'super-user' policy is in effect.
  * If it is nonzero, an effective uid of 0 connotes special privilege,
  * overriding many mandatory and discretionary protections.  If it is zero,
@@ -1200,9 +1199,9 @@ groupmember(gid, cred)
  * consideration of the consequences.
  */
 int	suser_enabled = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW,
     &suser_enabled, 0, "processes with uid 0 have privilege");
-TUNABLE_INT("kern.security.bsd.suser_enabled", &suser_enabled);
+TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);
 
 /*
  * Test whether the specified credentials imply "super-user" privilege.
@@ -1312,7 +1311,7 @@ securelevel_ge(struct ucred *cr, int level)
  * XXX: data declarations should be together near the beginning of the file.
  */
 static int	see_other_uids = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW,
+SYSCTL_INT(_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW,
     &see_other_uids, 0,
     "Unprivileged processes may see subjects/objects with different real uid");
 
@@ -1491,7 +1490,7 @@ p_cansched(struct proc *p1, struct proc *p2)
  * XXX: data declarations should be together near the beginning of the file.
  */
 static int	unprivileged_proc_debug = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW,
+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW,
     &unprivileged_proc_debug, 0,
     "Unprivileged processes may use process debugging facilities");
 
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index fcb2dd5..164bbf7 100644
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -819,10 +819,10 @@ msgbufinit(void *ptr, size_t size)
 	oldp = msgbufp;
 }
 
-SYSCTL_DECL(_kern_security_bsd);
+SYSCTL_DECL(_security_bsd);
 
 static int unprivileged_read_msgbuf = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
     CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
     "Unprivileged processes may read the kernel message buffer");
 
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 7595e00..3866d19 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -233,7 +233,7 @@ script from within the jail.
 .Pp
 NOTE: If you plan to allow untrusted users to have root access inside the
 jail, you may wish to consider setting the
-.Va kern.security.jail.set_hostname_allowed
+.Va security.jail.set_hostname_allowed
 to 0.
 Please see the management reasons why this is a good idea.
 If you do decide to set this variable,
@@ -311,14 +311,14 @@ default, modified from within the jail, so the
 status entry is unreliable by default.
 To disable the setting of the hostname
 from within a jail, set the
-.Va kern.security.jail.set_hostname_allowed
+.Va security.jail.set_hostname_allowed
 sysctl variable in the host environment to 0, which will affect all jails.
 You can have this sysctl set on each boot using
 .Xr sysctl.conf 5 .
 Just add the following line to
 .Pa /etc/sysctl.conf :
 .Pp
-.Dl kern.security.jail.set_hostname_allowed=0
+.Dl security.jail.set_hostname_allowed=0
 .Pp
 In a future version of
 .Fx ,
@@ -332,7 +332,7 @@ MIB variables.
 Currently, these variables affect all jails on the system, although in
 the future this functionality may be finer grained.
 .Bl -tag -width XXX
-.It Va kern.security.jail.set_hostname_allowed
+.It Va security.jail.set_hostname_allowed
 This MIB entry determines whether or not processes within a jail are
 allowed to change their hostname via
 .Xr hostname 1
@@ -344,7 +344,7 @@ information in
 .Pa /proc .
 As such, this should be disabled in environments where privileged access to
 jails is given out to untrusted parties.
-.It Va kern.security.jail.socket_unixiproute_only
+.It Va security.jail.socket_unixiproute_only
 The jail functionality binds an IPv4 address to each jail, and limits
 access to other network addresses in the IPv4 space that may be available
 in the host environment.
@@ -361,7 +361,7 @@ domain sockets,
 IPv4 addresses, and routing sockets.
 To enable access to other domains, this MIB variable may be set to
 0.
-.It Va kern.security.jail.sysvipc_allowed
+.It Va security.jail.sysvipc_allowed
 This MIB entry determines whether or not processes within a jail have access
 to System V IPC primitives.
 In the current jail implementation, System V primitives share a single