diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2002-10-01 03:24:20 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2002-10-01 03:24:20 +0000 |
| commit | 6be0c25e4e600f7f14b571771b43844188236713 (patch) | |
| tree | 2ebadacd95f8719749940b531e980d3d88bf2e7b | |
| parent | 7bf2a42fd5470aea668b628b4bb4929378707bfd (diff) | |
Notes
| -rw-r--r-- | sys/kern/kern_mac.c | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_framework.c | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_internal.h | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_net.c | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_pipe.c | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_process.c | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_syscalls.c | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_system.c | 24 | ||||
| -rw-r--r-- | sys/security/mac/mac_vfs.c | 24 |
9 files changed, 126 insertions, 90 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c index 77224304e673..607113e4cf8d 100644 --- a/sys/kern/kern_mac.c +++ b/sys/kern/kern_mac.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 77224304e673..607113e4cf8d 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -97,16 +97,6 @@ SYSCTL_DECL(_security); SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0, "TrustedBSD MAC policy controls"); -SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, - "TrustedBSD MAC debug info"); - -static int mac_debug_label_fallback = 0; -SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, - &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" - "when label is corrupted."); -TUNABLE_INT("security.mac.debug_label_fallback", - &mac_debug_label_fallback); - #ifndef MAC_MAX_POLICIES #define MAC_MAX_POLICIES 8 #endif @@ -177,6 +167,16 @@ SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, "copy-on-write semantics, or by removing all write access"); #ifdef MAC_DEBUG +SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, + "TrustedBSD MAC debug info"); + +static int mac_debug_label_fallback = 0; +SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, + &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" + "when label is corrupted."); +TUNABLE_INT("security.mac.debug_label_fallback", + &mac_debug_label_fallback); + static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; @@ -1082,14 +1082,18 @@ vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap) vp->v_mount->mnt_stat.f_mntonname); if (VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) printf(" inum %ld", va.va_fileid); +#ifdef MAC_DEBUG if (mac_debug_label_fallback) { printf(", falling back.\n"); mac_update_vnode_from_mount(vp, vp->v_mount); error = 0; } else { +#endif printf(".\n"); error = EPERM; +#ifdef MAC_DEBUG } +#endif } return (error); |