diff options
| author | csjp <csjp@FreeBSD.org> | 2005-12-31 05:06:59 +0000 |
|---|---|---|
| committer | csjp <csjp@FreeBSD.org> | 2005-12-31 05:06:59 +0000 |
| commit | 8db1bd7411a1a4c2f4b01d0a822a5ec62d2f9251 (patch) | |
| tree | 1cb3d9ad0560d0ab30abfbcaa1ff9e5531882e32 /usr.bin | |
| parent | e37f6ca70a13a805aff1a2e132e7e0e456d8ba7c (diff) | |
| download | FreeBSD-src-8db1bd7411a1a4c2f4b01d0a822a5ec62d2f9251.zip FreeBSD-src-8db1bd7411a1a4c2f4b01d0a822a5ec62d2f9251.tar.gz | |
Introduce a new sysctl variable:
security.mac.biba.interfaces_equal
If non-zero, all network interfaces be created with the label:
biba/equal(equal-equal)
This is useful where programs which initialize network interfaces
do not have any labeling support. This includes dhclient and ppp. A
long term solution is to add labeling support into dhclient(8)
and ppp(8), and remove this variable.
It should be noted that this behavior is different then setting the:
security.mac.biba.trust_all_interfaces
sysctl variable, as this will create interfaces with a biba/high label.
Lower integrity processes are not able to write to the interface in this
event. The security.mac.biba.interfaces_equal will override
trust_all_interfaces.
The security.mac.biba.interfaces_equal variable will be set to zero
or disabled by default.
MFC after: 2 weeks
Diffstat (limited to 'usr.bin')
0 files changed, 0 insertions, 0 deletions
