Date: Wed, 3 Jun 2009 08:49:44 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r193371 - head/sys/security/mac_biba Message-ID: <200906030849.n538ni6v043820@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Wed Jun 3 08:49:44 2009 New Revision: 193371 URL: http://svn.freebsd.org/changeset/base/193371 Log: By default, label all network interfaces as biba/equal on attach. This makes it easier for first-time users to configure and work with biba as remote acess is still allowed. Effectively, this means that, by default, only local security properties, not distributed ones, are enforced. Obtained from: TrustedBSD Project Modified: head/sys/security/mac_biba/mac_biba.c Modified: head/sys/security/mac_biba/mac_biba.c ============================================================================== --- head/sys/security/mac_biba/mac_biba.c Wed Jun 3 08:21:11 2009 (r193370) +++ head/sys/security/mac_biba/mac_biba.c Wed Jun 3 08:49:44 2009 (r193371) @@ -125,7 +125,7 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO, 0, "Label pty devices as biba/equal on create"); TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); -static int interfaces_equal; +static int interfaces_equal = 1; SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW, &interfaces_equal, 0, "Label network interfaces as biba/equal on create"); TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906030849.n538ni6v043820>