diff options
author | gjb <gjb@FreeBSD.org> | 2014-06-27 22:05:21 +0000 |
---|---|---|
committer | gjb <gjb@FreeBSD.org> | 2014-06-27 22:05:21 +0000 |
commit | fc21f40567ac7485e9e987cf5a539bd0d11c7155 (patch) | |
tree | fce5301b062a855bc68b9cb76c6b5966c5a2acbe /sys/security/mac_mls/mac_mls.c | |
parent | 2f456747e010bfa5a9dd3498aa5650e0ade39f22 (diff) | |
download | FreeBSD-src-fc21f40567ac7485e9e987cf5a539bd0d11c7155.zip FreeBSD-src-fc21f40567ac7485e9e987cf5a539bd0d11c7155.tar.gz |
Revert r267961, r267973:
These changes prevent sysctl(8) from returning proper output,
such as:
1) no output from sysctl(8)
2) erroneously returning ENOMEM with tools like truss(1)
or uname(1)
truss: can not get etype: Cannot allocate memory
Diffstat (limited to 'sys/security/mac_mls/mac_mls.c')
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 6a074d0..d7ca5a5 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -101,20 +101,23 @@ SYSCTL_INT(_security_mac_mls, OID_AUTO, label_size, CTLFLAG_RD, &mls_label_size, 0, "Size of struct mac_mls"); static int mls_enabled = 1; -SYSCTL_INT(_security_mac_mls, OID_AUTO, enabled, CTLFLAG_RWTUN, &mls_enabled, 0, +SYSCTL_INT(_security_mac_mls, OID_AUTO, enabled, CTLFLAG_RW, &mls_enabled, 0, "Enforce MAC/MLS policy"); +TUNABLE_INT("security.mac.mls.enabled", &mls_enabled); static int destroyed_not_inited; SYSCTL_INT(_security_mac_mls, OID_AUTO, destroyed_not_inited, CTLFLAG_RD, &destroyed_not_inited, 0, "Count of labels destroyed but not inited"); static int ptys_equal = 0; -SYSCTL_INT(_security_mac_mls, OID_AUTO, ptys_equal, CTLFLAG_RWTUN, +SYSCTL_INT(_security_mac_mls, OID_AUTO, ptys_equal, CTLFLAG_RW, &ptys_equal, 0, "Label pty devices as mls/equal on create"); +TUNABLE_INT("security.mac.mls.ptys_equal", &ptys_equal); static int revocation_enabled = 0; -SYSCTL_INT(_security_mac_mls, OID_AUTO, revocation_enabled, CTLFLAG_RWTUN, +SYSCTL_INT(_security_mac_mls, OID_AUTO, revocation_enabled, CTLFLAG_RW, &revocation_enabled, 0, "Revoke access to objects on relabel"); +TUNABLE_INT("security.mac.mls.revocation_enabled", &revocation_enabled); static int max_compartments = MAC_MLS_MAX_COMPARTMENTS; SYSCTL_INT(_security_mac_mls, OID_AUTO, max_compartments, CTLFLAG_RD, |