veriexec: Simplify the initialization of loader tunable
ClosedPublic
Actions

Authored by zlei on Oct 9 2023, 3:23 PM.

Details

Reviewers

imp
sjg
stevek

Commits

rGb388201875bf: veriexec: Simplify the initialization of loader tunable
rGbb8d4411e0c6: veriexec: Simplify the initialization of loader tunable

Summary

The loader tunable 'security.mac.veriexec.block_unlink' has already been
flagged with CTLFLAG_RDTUN, no need to re-fetch it with TUNABLE_INT_FETCH.

While here move the definition of sysctl knobs out of function body, which is more common in FreeBSD.

No functional change intended.

MFC after: 1 week

Test Plan

Set kernel env and load module. Verify the loader tunable is correctly set.

Escape to loader prompt:

load /boot/kernel/kernel
load /root/mac_veriexec.ko
set security.mac.veriexec.block_unlink=1
boot

# sysctl -T security.mac.veriexec.block_unlink
security.mac.veriexec.block_unlink: 1

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

zlei created this revision.Oct 9 2023, 3:23 PM

Herald added a subscriber: dab. · View Herald TranscriptOct 9 2023, 3:23 PM

zlei requested review of this revision.Oct 9 2023, 3:23 PM

zlei edited the test plan for this revision. (Show Details)Oct 9 2023, 3:38 PM

sjg added a reviewer: stevek.Oct 9 2023, 9:01 PM

Friendly ping @stevek .

stevek accepted this revision.Nov 2 2023, 10:07 PM

This revision is now accepted and ready to land.Nov 2 2023, 10:07 PM

Closed by commit rGbb8d4411e0c6: veriexec: Simplify the initialization of loader tunable (authored by zlei). · Explain WhyNov 3 2023, 4:10 AM

This revision was automatically updated to reflect the committed changes.

zlei added a commit: rGbb8d4411e0c6: veriexec: Simplify the initialization of loader tunable.

zlei added a commit: rGb388201875bf: veriexec: Simplify the initialization of loader tunable.Nov 13 2023, 3:58 AM

Revision Contents
Changeset List

Path

Size

sys/

security/

mac_veriexec/

mac_veriexec.c

8 lines

Diff 129672

View Options

sys/security/mac_veriexec/mac_veriexec.c

veriexec: Simplify the initialization of loader tunableClosedPublicActions