Date: Sat, 24 Aug 2002 10:10:54 -0700 (PDT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 16510 for review
Message-ID: <200208241710.g7OHAsAj061591@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=16510 Change 16510 by rwatson@rwatson_paprika on 2002/08/24 10:10:37 Add 'security.mac.mmap_revocation' to enable/disable revocation of mmaps on subject relabel. Default to enable (current behavior). Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#259 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#259 (text+ko) ==== @@ -164,6 +164,10 @@ static int mac_vnode_label_cache_misses = 0; SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); +static int mac_mmap_revocation = 1; +SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW, + &mac_mmap_revocation, 0, "Revoke mmap access to files on subject " + "relabel"); static int mac_mmap_revocation_via_cow = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " @@ -2209,6 +2213,9 @@ vm_ooffset_t offset; struct vnode *vp; + if (!mac_mmap_revocation) + return; + vm_map_lock_read(map); for (vme = map->header.next; vme != &map->header; vme = vme->next) { if (vme->eflags & MAP_ENTRY_IS_SUB_MAP) { To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
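Review bot: In the first hunk (@@ -164,6 +164,10 @@), mmap_revocation is declared CTLFLAG_RW and its description string does not say what a value of 0 leaves in place, so an enforcement step can be switched off at runtime without the knob explaining the consequence. Suggest stating in the description or in a comment that 0 means mappings established before a subject relabel keep their access afterwards, and considering whether writes should be refused at raised securelevel (for example with CTLFLAG_SECURE). A note on how this knob relates to mmap_revocation_via_cow, declared directly below it, would also help, since the two now interact.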
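Review bot: In the second hunk (@@ -2209,6 +2213,9 @@), the new 'if (!mac_mmap_revocation) return;' skips the whole map walk with no comment explaining the security consequence. Suggest a short comment above the check saying that with the sysctl cleared, mappings set up under the old label are left untouched. Because the sysctl is a plain SYSCTL_INT with no handler and the flag is only tested here, setting it back to 1 does not revisit mappings that earlier relabels skipped; that is worth documenting next to the check or in the sysctl description.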