Add a toggle to disable VM enforcement.

Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
author: rwatson <rwatson@FreeBSD.org> 2002-09-18 02:02:08 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-09-18 02:02:08 +0000
commit: 90f35dab01cd0251ff48ff81a65bdaa9752e0b06 (patch)
tree: abf66cfa058d01bb1b5f776b9c829906a6f33800 /sys/kern/kern_mac.c
parent: 22d6bef96d7f7f126802d0ea7652fe4b6f014386 (diff)
download: FreeBSD-src-90f35dab01cd0251ff48ff81a65bdaa9752e0b06.zip
FreeBSD-src-90f35dab01cd0251ff48ff81a65bdaa9752e0b06.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index 0bdffc7..3eed0a6 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -144,6 +144,10 @@ SYSCTL_INT(_security_mac, OID_AUTO, enforce_socket, CTLFLAG_RW,
     &mac_enforce_socket, 0, "Enforce MAC policy on socket operations");
 TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket);
 
+static int     mac_enforce_vm = 1;
+SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW,
+    &mac_enforce_vm, 0, "Enforce MAC policy on vm operations");
+
 static int	mac_label_size = sizeof(struct mac);
 SYSCTL_INT(_security_mac, OID_AUTO, label_size, CTLFLAG_RD,
     &mac_label_size, 0, "Pre-compiled MAC label size");
@@ -1779,6 +1783,9 @@ mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, int newmapping)
 {
 	vm_prot_t result = VM_PROT_ALL;
 
+	if (!mac_enforce_vm)
+		return (result);
+
 	/*
 	 * This should be some sort of MAC_BITWISE, maybe :)
 	 */
author	rwatson <rwatson@FreeBSD.org>	2002-09-18 02:02:08 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-09-18 02:02:08 +0000
commit	90f35dab01cd0251ff48ff81a65bdaa9752e0b06 (patch)
tree	abf66cfa058d01bb1b5f776b9c829906a6f33800 /sys/kern/kern_mac.c
parent	22d6bef96d7f7f126802d0ea7652fe4b6f014386 (diff)
download	FreeBSD-src-90f35dab01cd0251ff48ff81a65bdaa9752e0b06.zip FreeBSD-src-90f35dab01cd0251ff48ff81a65bdaa9752e0b06.tar.gz