diff options
author | trhodes <trhodes@FreeBSD.org> | 2004-09-10 15:14:50 +0000 |
---|---|---|
committer | trhodes <trhodes@FreeBSD.org> | 2004-09-10 15:14:50 +0000 |
commit | 44506a9b6800da0024893393d5496083318a9cc6 (patch) | |
tree | 25db22960c07fc788472460b6ed8e9259bd7d64f | |
parent | 46e872d3e6662da8954b172e31315d29d61c2314 (diff) | |
download | FreeBSD-src-44506a9b6800da0024893393d5496083318a9cc6.zip FreeBSD-src-44506a9b6800da0024893393d5496083318a9cc6.tar.gz |
Remove the debugging tunable, it was not being used.
Enable first match by default.[1]
We should: rwatson [1]
-rw-r--r-- | share/man/man4/mac_bsdextended.4 | 6 | ||||
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 11 |
2 files changed, 3 insertions, 14 deletions
diff --git a/share/man/man4/mac_bsdextended.4 b/share/man/man4/mac_bsdextended.4 index aa4d35b..bef07a8 100644 --- a/share/man/man4/mac_bsdextended.4 +++ b/share/man/man4/mac_bsdextended.4 @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 21, 2004 +.Dd September 10, 2004 .Os .Dt MAC_BSDEXTENDED 4 .Sh NAME @@ -101,12 +101,10 @@ List the number of defined rules, the maximum rule count is current set at 256. .It Va security.mac.bsdextended.rule_slots List the number of rule slots currently being used. -.It Va security.mac.bsdextended.debugging -Toggle between debugging mode, currently this does -nothing and will soon be removed. .It Va security.mac.bsdextended.firstmatch_enabled Toggle between the old all rules match functionality and the new first rule matches functionality. +This is enabled by default. .It Va security.mac.bsdextended.logging Log all access violations via the .Dv AUTHPRIV diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index c9e97f0..0d8985e 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -94,15 +94,6 @@ SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, rule_slots, CTLFLAG_RD, &rule_slots, 0, "Number of used rule slots\n"); /* - * This tunable spits out information about what is going on which - * would be more suited for a log file. Eventually - * this will go away as we do not currently use it. - */ -static int mac_bsdextended_debugging; -SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, debugging, CTLFLAG_RW, - &mac_bsdextended_debugging, 0, "Enable debugging on failure"); - -/* * This is just used for logging purposes as eventually we would like * to log much more then failed requests. */ @@ -118,7 +109,7 @@ SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, logging, CTLFLAG_RW, static int mac_bsdextended_firstmatch_enabled; SYSCTL_INT(_security_mac_bsdextended, OID_AUTO, firstmatch_enabled, - CTLFLAG_RW, &mac_bsdextended_firstmatch_enabled, 0, + CTLFLAG_RW, &mac_bsdextended_firstmatch_enabled, 1, "Disable/enable match first rule functionality"); static int |