Sync to trustedbsd_mac tree: default to sigsegv rather than copy-on-write

during a label change resulting in an mmap removal. This is "fail stop" behavior, which is preferred, although it offers slightly less transparency. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
author: rwatson <rwatson@FreeBSD.org> 2002-08-15 02:28:32 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-08-15 02:28:32 +0000
commit: f77c281019425b7eea3cc478b6cd0caa6974bb37 (patch)
tree: 5e81b494922fb76ad7d9d18a5bebced641a20ecf /sys/security
parent: 1a599018bb9a28f7a16544f11987c4d895a9a161 (diff)
download: FreeBSD-src-f77c281019425b7eea3cc478b6cd0caa6974bb37.zip
FreeBSD-src-f77c281019425b7eea3cc478b6cd0caa6974bb37.tar.gz
8 files changed, 8 insertions, 8 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 547647c..23c6a7c 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
 static int	mac_vnode_label_cache_misses = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
     &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
-static int	mac_mmap_revocation_via_cow = 1;
+static int	mac_mmap_revocation_via_cow = 0;
 SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
     &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
     "copy-on-write semantics, or by removing all write access");
author	rwatson <rwatson@FreeBSD.org>	2002-08-15 02:28:32 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-08-15 02:28:32 +0000
commit	f77c281019425b7eea3cc478b6cd0caa6974bb37 (patch)
tree	5e81b494922fb76ad7d9d18a5bebced641a20ecf /sys/security
parent	1a599018bb9a28f7a16544f11987c4d895a9a161 (diff)
download	FreeBSD-src-f77c281019425b7eea3cc478b6cd0caa6974bb37.zip FreeBSD-src-f77c281019425b7eea3cc478b6cd0caa6974bb37.tar.gz