From: Robert Watson
Date: Wed, 3 Jun 2009 08:49:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r193371 - head/sys/security/mac_biba

Author: rwatson
Date: Wed Jun 3 08:49:44 2009
New Revision: 193371
URL: http://svn.freebsd.org/changeset/base/193371

Log:
  By default, label all network interfaces as biba/equal on attach. This
  makes it easier for first-time users to configure and work with biba as
  remote access is still allowed. Effectively, this means that, by default,
  only local security properties, not distributed ones, are enforced.

  Obtained from: TrustedBSD Project

Modified:
  head/sys/security/mac_biba/mac_biba.c

Modified: head/sys/security/mac_biba/mac_biba.c ============================================================================== --- head/sys/security/mac_biba/mac_biba.c Wed Jun 3 08:21:11 2009 (r193370) +++ head/sys/security/mac_biba/mac_biba.c Wed Jun 3 08:49:44 2009 (r193371) @@ -125,7 +125,7 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO, 0, "Label pty devices as biba/equal on create"); TUNABLE_INT("security.mac.biba.ptys_equal", &ptys_equal); -static int interfaces_equal; +static int interfaces_equal = 1; SYSCTL_INT(_security_mac_biba, OID_AUTO, interfaces_equal, CTLFLAG_RW, &interfaces_equal, 0, "Label network interfaces as biba/equal on create"); TUNABLE_INT("security.mac.biba.interfaces_equal", &interfaces_equal);
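
Review bot: The new default on the line "static int interfaces_equal = 1;" relaxes a security-relevant setting without any comment at the declaration, and the sysctl description "Label network interfaces as biba/equal on create" still does not say that this is now enabled by default. A short comment above the variable would help, stating that the default trades distributed enforcement for easier first-time setup (as the log explains) and that setting security.mac.biba.interfaces_equal to 0 restores the previous behaviour. The log also says interfaces are labelled "on attach" while the description string says "on create"; the two should use the same wording.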