From 6fa1425be4ba1838fbf0b757c9cbbb6c0da6811f Mon Sep 17 00:00:00 2001 From: rwatson Date: Thu, 21 Dec 2006 09:51:34 +0000 Subject: Remove mac_enforce_subsystem debugging sysctls. Enforcement on subsystems will be a property of policy modules, which may require access control check entry points to be invoked even when not actively enforcing (i.e., to track information flow without providing protection). Obtained from: TrustedBSD Project Suggested by: Christopher dot Vance at sparta dot com --- sys/security/mac/mac_syscalls.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'sys/security/mac/mac_syscalls.c') diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 080b1ad..a18b853 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -741,9 +741,7 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) crhold(newcred); PROC_UNLOCK(p); - if (mac_enforce_vm) { - mac_cred_mmapped_drop_perms(td, newcred); - } + mac_cred_mmapped_drop_perms(td, newcred); crfree(newcred); /* Free revocation reference. */ crfree(oldcred); -- cgit v1.1