Remove mac_enforce_subsystem debugging sysctls. Enforcement on

subsystems will be a property of policy modules, which may require access control check entry points to be invoked even when not actively enforcing (i.e., to track information flow without providing protection). Obtained from: TrustedBSD Project Suggested by: Christopher dot Vance at sparta dot com
author: rwatson <rwatson@FreeBSD.org> 2006-12-21 09:51:34 +0000
committer: rwatson <rwatson@FreeBSD.org> 2006-12-21 09:51:34 +0000
commit: 6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f (patch)
tree: 0e00125c1e53f64a611961efffaf3188df3fc0d6 /sys/security/mac/mac_syscalls.c
parent: 24b8c057ed5ff8edf963e31c6cd9eaf0514469b2 (diff)
download: FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.zip
FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.tar.gz
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 080b1ad..a18b853 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -741,9 +741,7 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
 	crhold(newcred);
 	PROC_UNLOCK(p);
 
-	if (mac_enforce_vm) {
-		mac_cred_mmapped_drop_perms(td, newcred);
-	}
+	mac_cred_mmapped_drop_perms(td, newcred);
 
 	crfree(newcred);	/* Free revocation reference. */
 	crfree(oldcred);
author	rwatson <rwatson@FreeBSD.org>	2006-12-21 09:51:34 +0000
committer	rwatson <rwatson@FreeBSD.org>	2006-12-21 09:51:34 +0000
commit	6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f (patch)
tree	0e00125c1e53f64a611961efffaf3188df3fc0d6 /sys/security/mac/mac_syscalls.c
parent	24b8c057ed5ff8edf963e31c6cd9eaf0514469b2 (diff)
download	FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.zip FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.tar.gz