summaryrefslogtreecommitdiff
path: root/sys/security/mac_mls/mac_mls.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security/mac_mls/mac_mls.c')
-rw-r--r--sys/security/mac_mls/mac_mls.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index c3b2cdaa6bd0e..597628fb8cb6f 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -3091,5 +3091,25 @@ static struct mac_policy_ops mls_ops =
.mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr,
};
+#define MLS_OBJECTS (MPC_OBJECT_CRED | \
+ /* MPC_OBJECT_PROC | */ \
+ MPC_OBJECT_VNODE | \
+ MPC_OBJECT_INPCB | \
+ MPC_OBJECT_SOCKET | \
+ MPC_OBJECT_DEVFS | \
+ MPC_OBJECT_MBUF | \
+ MPC_OBJECT_IPQ | \
+ MPC_OBJECT_IFNET | \
+ MPC_OBJECT_BPFDESC | \
+ MPC_OBJECT_PIPE | \
+ MPC_OBJECT_MOUNT | \
+ MPC_OBJECT_POSIXSEM | \
+ /* MPC_OBJECT_POSIXSHM | */ \
+ MPC_OBJECT_SYSVMSG | \
+ MPC_OBJECT_SYSVMSQ | \
+ MPC_OBJECT_SYSVSEM | \
+ MPC_OBJECT_SYSVSHM | \
+ MPC_OBJECT_SYNCACHE)
+
MAC_POLICY_SET(&mls_ops, mac_mls, "TrustedBSD MAC/MLS",
- MPC_LOADTIME_FLAG_NOTLATE | MPC_LOADTIME_FLAG_LABELMBUFS, &mls_slot);
+ MPC_LOADTIME_FLAG_NOTLATE, &mls_slot, MLS_OBJECTS);
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-27 00:47:39 +0000