diff options
author | arr <arr@FreeBSD.org> | 2002-01-16 06:55:30 +0000 |
---|---|---|
committer | arr <arr@FreeBSD.org> | 2002-01-16 06:55:30 +0000 |
commit | 1ae1e4e3f2015a0dd28a67d111327bf8b681ba37 (patch) | |
tree | e1d5ce61a8174cc7c8b01d4bdcaed7af9b80f626 /sys/kern/kern_prot.c | |
parent | 0ed7ba2c7402bdcb1b7ec738e669b00eefaed2b0 (diff) | |
download | FreeBSD-src-1ae1e4e3f2015a0dd28a67d111327bf8b681ba37.zip FreeBSD-src-1ae1e4e3f2015a0dd28a67d111327bf8b681ba37.tar.gz |
- Attempt to help declutter kern. sysctl by moving security out from
beneath it.
Reviewed by: rwatson
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r-- | sys/kern/kern_prot.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 6164a44..4214cc1 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -63,9 +63,8 @@ static MALLOC_DEFINE(M_CRED, "cred", "credentials"); -SYSCTL_NODE(_kern, OID_AUTO, security, CTLFLAG_RW, 0, - "Kernel security policy"); -SYSCTL_NODE(_kern_security, OID_AUTO, bsd, CTLFLAG_RW, 0, +SYSCTL_DECL(_security); +SYSCTL_NODE(_security, OID_AUTO, bsd, CTLFLAG_RW, 0, "BSD security policy"); #ifndef _SYS_SYSPROTO_H_ @@ -1190,7 +1189,7 @@ groupmember(gid, cred) } /* - * `suser_enabled' (which can be set by the kern.security.suser_enabled + * `suser_enabled' (which can be set by the security.suser_enabled * sysctl) determines whether the system 'super-user' policy is in effect. * If it is nonzero, an effective uid of 0 connotes special privilege, * overriding many mandatory and discretionary protections. If it is zero, @@ -1200,9 +1199,9 @@ groupmember(gid, cred) * consideration of the consequences. */ int suser_enabled = 1; -SYSCTL_INT(_kern_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW, +SYSCTL_INT(_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW, &suser_enabled, 0, "processes with uid 0 have privilege"); -TUNABLE_INT("kern.security.bsd.suser_enabled", &suser_enabled); +TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled); /* * Test whether the specified credentials imply "super-user" privilege. @@ -1312,7 +1311,7 @@ securelevel_ge(struct ucred *cr, int level) * XXX: data declarations should be together near the beginning of the file. */ static int see_other_uids = 1; -SYSCTL_INT(_kern_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW, +SYSCTL_INT(_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW, &see_other_uids, 0, "Unprivileged processes may see subjects/objects with different real uid"); @@ -1491,7 +1490,7 @@ p_cansched(struct proc *p1, struct proc *p2) * XXX: data declarations should be together near the beginning of the file. */ static int unprivileged_proc_debug = 1; -SYSCTL_INT(_kern_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW, +SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW, &unprivileged_proc_debug, 0, "Unprivileged processes may use process debugging facilities"); |