diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-12-21 09:51:34 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-12-21 09:51:34 +0000 |
commit | 6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f (patch) | |
tree | 0e00125c1e53f64a611961efffaf3188df3fc0d6 /sys/security/mac/mac_sysv_msg.c | |
parent | 24b8c057ed5ff8edf963e31c6cd9eaf0514469b2 (diff) | |
download | FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.zip FreeBSD-src-6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f.tar.gz |
Remove mac_enforce_subsystem debugging sysctls. Enforcement on
subsystems will be a property of policy modules, which may require
access control check entry points to be invoked even when not actively
enforcing (i.e., to track information flow without providing
protection).
Obtained from: TrustedBSD Project
Suggested by: Christopher dot Vance at sparta dot com
Diffstat (limited to 'sys/security/mac/mac_sysv_msg.c')
-rw-r--r-- | sys/security/mac/mac_sysv_msg.c | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/sys/security/mac/mac_sysv_msg.c b/sys/security/mac/mac_sysv_msg.c index 8e66281..95d79ce 100644 --- a/sys/security/mac/mac_sysv_msg.c +++ b/sys/security/mac/mac_sysv_msg.c @@ -54,12 +54,6 @@ __FBSDID("$FreeBSD$"); #include <security/mac/mac_framework.h> #include <security/mac/mac_internal.h> -static int mac_enforce_sysv_msg = 1; -SYSCTL_INT(_security_mac, OID_AUTO, enforce_sysv_msg, CTLFLAG_RW, - &mac_enforce_sysv_msg, 0, - "Enforce MAC policy on System V IPC Message Queues"); -TUNABLE_INT("security.mac.enforce_sysv_msg", &mac_enforce_sysv_msg); - static struct label * mac_sysv_msgmsg_label_alloc(void) { @@ -162,9 +156,6 @@ mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, { int error; - if (!mac_enforce_sysv_msg) - return (0); - MAC_CHECK(check_sysv_msgmsq, cred, msgptr, msgptr->label, msqkptr, msqkptr->label); @@ -176,9 +167,6 @@ mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr) { int error; - if (!mac_enforce_sysv_msg) - return (0); - MAC_CHECK(check_sysv_msgrcv, cred, msgptr, msgptr->label); return(error); @@ -189,9 +177,6 @@ mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr) { int error; - if (!mac_enforce_sysv_msg) - return (0); - MAC_CHECK(check_sysv_msgrmid, cred, msgptr, msgptr->label); return(error); @@ -202,9 +187,6 @@ mac_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr) { int error; - if (!mac_enforce_sysv_msg) - return (0); - MAC_CHECK(check_sysv_msqget, cred, msqkptr, msqkptr->label); return(error); @@ -215,9 +197,6 @@ mac_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr) { int error; - if (!mac_enforce_sysv_msg) - return (0); - MAC_CHECK(check_sysv_msqsnd, cred, msqkptr, msqkptr->label); return(error); @@ -228,9 +207,6 @@ mac_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr) { int error; - if (!mac_enforce_sysv_msg) - return (0); - MAC_CHECK(check_sysv_msqrcv, cred, msqkptr, msqkptr->label); return(error); @@ -242,9 +218,6 @@ mac_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, { int error; - if (!mac_enforce_sysv_msg) - return (0); - MAC_CHECK(check_sysv_msqctl, cred, msqkptr, msqkptr->label, cmd); return(error); |