diff options
| author | rwatson <rwatson@FreeBSD.org> | 2009-06-02 18:31:08 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2009-06-02 18:31:08 +0000 |
| commit | 14f4a9dd42b965a4a23b2aef0c7496f931649524 (patch) | |
| tree | c54525a6e0aff1a518bfb0388e7af117d0d32e4b /sys/amd64 | |
| parent | 9d4f8dda8fd9436afd4e7d6c966045d29d4cf2eb (diff) | |
| download | FreeBSD-src-14f4a9dd42b965a4a23b2aef0c7496f931649524.zip FreeBSD-src-14f4a9dd42b965a4a23b2aef0c7496f931649524.tar.gz | |
Remove MAC kernel config files and add "options MAC" to GENERIC, with the
goal of shipping 8.0 with MAC support in the default kernel. No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.
While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.
Approved by: re (kensmith)
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/amd64')
| -rw-r--r-- | sys/amd64/conf/GENERIC | 1 | ||||
| -rw-r--r-- | sys/amd64/conf/MAC | 28 |
2 files changed, 1 insertions, 28 deletions
diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC index 569e0cd..6ff85e2 100644 --- a/sys/amd64/conf/GENERIC +++ b/sys/amd64/conf/GENERIC @@ -70,6 +70,7 @@ options KBD_INSTALL_CDEV # install a CDEV entry in /dev options STOP_NMI # Stop CPUS using NMI instead of IPI options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options MAC # TrustedBSD MAC Framework #options KDTRACE_FRAME # Ensure frames are compiled in #options KDTRACE_HOOKS # Kernel DTrace hooks diff --git a/sys/amd64/conf/MAC b/sys/amd64/conf/MAC deleted file mode 100644 index 306f36f..0000000 --- a/sys/amd64/conf/MAC +++ /dev/null @@ -1,28 +0,0 @@ -# MAC -- Generic kernel configuration file for FreeBSD/amd64 MAC -# -# The Mandatory Access Control, or MAC, framework allows administrators to -# finely control system security by providing for a loadable security pol- -# icy architecture. -# -# For more information see: -# -# http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mac.html -# -# $FreeBSD$ - -include GENERIC -ident MAC - -options MAC - -#options MAC_BIBA # BIBA data integrity policy -#options MAC_BSDEXTENDED # File system firewall policy -#options MAC_IFOFF # Network interface silencing policy -#options MAC_LOMAC # Low-watermark data integrity policy -#options MAC_MLS # Multi-level confidentiality policy -#options MAC_NONE # NULL policy -#options MAC_PARTITION # Process partition policy -#options MAC_PORTACL # Network port access control policy -#options MAC_SEEOTHERUIDS # UID visibility policy -#options MAC_STUB # Stub policy -#options MAC_TEST # Testing policy for the MAC framework |
