Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_cap.c4
-rw-r--r--sys/kern/kern_jail.c10
-rw-r--r--sys/kern/kern_mib.c2
-rw-r--r--sys/kern/kern_prot.c15
-rw-r--r--sys/kern/subr_prf.c4
5 files changed, 18 insertions, 17 deletions
diff --git a/sys/kern/kern_cap.c b/sys/kern/kern_cap.c
index c9be68d..caa1f1a 100644
--- a/sys/kern/kern_cap.c
+++ b/sys/kern/kern_cap.c
@@ -61,9 +61,9 @@
static int capabilities_enabled = 0;
-SYSCTL_NODE(_kern_security, OID_AUTO, capabilities, CTLFLAG_RW, 0,
+SYSCTL_NODE(_security, OID_AUTO, capabilities, CTLFLAG_RW, 0,
"POSIX.1e Capabilities");
-SYSCTL_INT(_kern_security_capabilities, OID_AUTO, enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_capabilities, OID_AUTO, enabled, CTLFLAG_RW,
&capabilities_enabled, 0, "POSIX.1e Capabilities enabled");
#endif
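Review bot: Nothing in this hunk declares the new `_security` parent that both macros now reference, while the kern_jail.c and kern_prot.c sections of this commit each add `SYSCTL_DECL(_security);`. If no declaration exists above line 61 of kern_cap.c, this block would presumably fail to compile once the surrounding conditional is enabled. Adding `SYSCTL_DECL(_security);` before the `SYSCTL_NODE` line would keep the file consistent with the others. Only the `#endif` of the conditional is visible here, so this needs checking against the full file.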
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 01ddc1e..0ae8d3f 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -28,24 +28,24 @@
MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
-SYSCTL_DECL(_kern_security);
-SYSCTL_NODE(_kern_security, OID_AUTO, jail, CTLFLAG_RW, 0,
+SYSCTL_DECL(_security);
+SYSCTL_NODE(_security, OID_AUTO, jail, CTLFLAG_RW, 0,
"Jail rules");
mp_fixme("these variables need a lock")
int jail_set_hostname_allowed = 1;
-SYSCTL_INT(_kern_security_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
+SYSCTL_INT(_security_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
&jail_set_hostname_allowed, 0,
"Processes in jail can set their hostnames");
int jail_socket_unixiproute_only = 1;
-SYSCTL_INT(_kern_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
+SYSCTL_INT(_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
&jail_socket_unixiproute_only, 0,
"Processes in jail are limited to creating UNIX/IPv4/route sockets only");
int jail_sysvipc_allowed = 0;
-SYSCTL_INT(_kern_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
+SYSCTL_INT(_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
&jail_sysvipc_allowed, 0,
"Processes in jail can use System V IPC primitives");
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index a83b5df..c5ac747 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -77,6 +77,8 @@ SYSCTL_NODE(, CTL_P1003_1B, p1003_1b, CTLFLAG_RW, 0,
SYSCTL_NODE(, OID_AUTO, compat, CTLFLAG_RW, 0,
"Compatibility code");
+SYSCTL_NODE(, OID_AUTO, security, CTLFLAG_RW, 0,
+ "Security");
#ifdef REGRESSION
SYSCTL_NODE(, OID_AUTO, regression, CTLFLAG_RW, 0,
"Regression test MIB");
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 6164a44..4214cc1 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -63,9 +63,8 @@
static MALLOC_DEFINE(M_CRED, "cred", "credentials");
-SYSCTL_NODE(_kern, OID_AUTO, security, CTLFLAG_RW, 0,
- "Kernel security policy");
-SYSCTL_NODE(_kern_security, OID_AUTO, bsd, CTLFLAG_RW, 0,
+SYSCTL_DECL(_security);
+SYSCTL_NODE(_security, OID_AUTO, bsd, CTLFLAG_RW, 0,
"BSD security policy");
#ifndef _SYS_SYSPROTO_H_
@@ -1190,7 +1189,7 @@ groupmember(gid, cred)
}
/*
- * `suser_enabled' (which can be set by the kern.security.suser_enabled
+ * `suser_enabled' (which can be set by the security.suser_enabled
* sysctl) determines whether the system 'super-user' policy is in effect.
* If it is nonzero, an effective uid of 0 connotes special privilege,
* overriding many mandatory and discretionary protections. If it is zero,
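Review bot: The updated comment names the sysctl `security.suser_enabled`, but the knob is registered under `_security_bsd` and the tunable string in the next hunk is `security.bsd.suser_enabled`. The comment should use the full name `security.bsd.suser_enabled`, so that an administrator reading the source looks up the right knob. The removed line had the same omission, so the rename is a good moment to correct it. The comment block continues past the end of this hunk.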
@@ -1200,9 +1199,9 @@ groupmember(gid, cred)
* consideration of the consequences.
*/
int suser_enabled = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_bsd, OID_AUTO, suser_enabled, CTLFLAG_RW,
&suser_enabled, 0, "processes with uid 0 have privilege");
-TUNABLE_INT("kern.security.bsd.suser_enabled", &suser_enabled);
+TUNABLE_INT("security.bsd.suser_enabled", &suser_enabled);
/*
* Test whether the specified credentials imply "super-user" privilege.
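Review bot: The rename of the `TUNABLE_INT` string and the sysctl parent leaves no alias for the old name, so an existing loader.conf or sysctl.conf entry for `kern.security.bsd.suser_enabled` would presumably stop taking effect and the compiled-in default of 1 would apply. The same holds for the other knobs moved in this commit: the jail settings in kern_jail.c, `see_other_uids` and `unprivileged_proc_debug` in later hunks of this file, and `unprivileged_read_msgbuf` in subr_prf.c. Most of these default to the permissive value, so a host hardened under the old names could silently return to the defaults after an upgrade. A comment above the tunable such as `/* Formerly kern.security.bsd.suser_enabled; the old name is no longer recognized. */`, together with an upgrade note, would make that visible. Matching userland or documentation updates may exist outside this diffstat, which is limited to sys.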
@@ -1312,7 +1311,7 @@ securelevel_ge(struct ucred *cr, int level)
* XXX: data declarations should be together near the beginning of the file.
*/
static int see_other_uids = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW,
+SYSCTL_INT(_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW,
&see_other_uids, 0,
"Unprivileged processes may see subjects/objects with different real uid");
@@ -1491,7 +1490,7 @@ p_cansched(struct proc *p1, struct proc *p2)
* XXX: data declarations should be together near the beginning of the file.
*/
static int unprivileged_proc_debug = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW,
+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW,
&unprivileged_proc_debug, 0,
"Unprivileged processes may use process debugging facilities");
diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c
index fcb2dd5..164bbf7 100644
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@ -819,10 +819,10 @@ msgbufinit(void *ptr, size_t size)
oldp = msgbufp;
}
-SYSCTL_DECL(_kern_security_bsd);
+SYSCTL_DECL(_security_bsd);
static int unprivileged_read_msgbuf = 1;
-SYSCTL_INT(_kern_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
+SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
"Unprivileged processes may read the kernel message buffer");