diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-12-21 09:51:34 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-12-21 09:51:34 +0000 |
commit | 6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f (patch) | |
tree | 0e00125c1e53f64a611961efffaf3188df3fc0d6 /sys/security/mac/mac_syscalls.c | |
parent | 24b8c057ed5ff8edf963e31c6cd9eaf0514469b2 (diff) | |
download | FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.zip FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.tar.gz |
Remove mac_enforce_subsystem debugging sysctls. Enforcement on
subsystems will be a property of policy modules, which may require
access control check entry points to be invoked even when not actively
enforcing (i.e., to track information flow without providing
protection).
Obtained from: TrustedBSD Project
Suggested by: Christopher dot Vance at sparta dot com
Diffstat (limited to 'sys/security/mac/mac_syscalls.c')
-rw-r--r-- | sys/security/mac/mac_syscalls.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 080b1ad..a18b853 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -741,9 +741,7 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) crhold(newcred); PROC_UNLOCK(p); - if (mac_enforce_vm) { - mac_cred_mmapped_drop_perms(td, newcred); - } + mac_cred_mmapped_drop_perms(td, newcred); crfree(newcred); /* Free revocation reference. */ crfree(oldcred); |