mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-24 11:29:10 +00:00
Sync to trustedbsd_mac tree: default to sigsegv rather than copy-on-write
during a label change resulting in an mmap removal. This is "fail stop" behavior, which is preferred, although it offers slightly less transparency. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
This commit is contained in:
parent
b618bb96f0
commit
99fa64f863
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=101892
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
@ -162,7 +162,7 @@ SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_hits, CTLFLAG_RD,
|
||||
static int mac_vnode_label_cache_misses = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD,
|
||||
&mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels");
|
||||
static int mac_mmap_revocation_via_cow = 1;
|
||||
static int mac_mmap_revocation_via_cow = 0;
|
||||
SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW,
|
||||
&mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via "
|
||||
"copy-on-write semantics, or by removing all write access");
|
||||
|
Loading…
Reference in New Issue
Block a user