Date: Thu, 19 Sep 2002 17:47:25 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 17739 for review Message-ID: <200209200047.g8K0lPBt028347@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17739 Change 17739 by rwatson@rwatson_tislabs on 2002/09/19 17:46:42 Temporarily disable VM enforcement and mmap revocation due to a bug in the MLS code somewhere. We'll turn this on again later when we've had a chance to track it down. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#274 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#274 (text+ko) ==== @@ -137,7 +137,7 @@ &mac_enforce_socket, 0, "Enforce MAC policy on socket operations"); TUNABLE_INT("security.mac.enforce_socket", &mac_enforce_socket); -static int mac_enforce_vm = 1; +static int mac_enforce_vm = 0; SYSCTL_INT(_security_mac, OID_AUTO, enforce_vm, CTLFLAG_RW, &mac_enforce_vm, 0, "Enforce MAC policy on vm operations"); TUNABLE_INT("security.mac.enforce_vm", &mac_enforce_vm); @@ -159,7 +159,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); -static int mac_mmap_revocation = 1; +static int mac_mmap_revocation = 0; SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation, CTLFLAG_RW, &mac_mmap_revocation, 0, "Revoke mmap access to files on subject " "relabel"); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209200047.g8K0lPBt028347>