D42132.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D42132.diff
View Options

	diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c
	--- a/sys/security/mac_veriexec/mac_veriexec.c
	+++ b/sys/security/mac_veriexec/mac_veriexec.c
	@@ -105,6 +105,8 @@
	static int mac_veriexec_slot;

	static int mac_veriexec_block_unlink;
	+SYSCTL_INT(_security_mac_veriexec, OID_AUTO, block_unlink, CTLFLAG_RDTUN,
	+ &mac_veriexec_block_unlink, 0, "Veriexec unlink protection");

	MALLOC_DEFINE(M_VERIEXEC, "veriexec", "Verified execution data");

	@@ -797,12 +799,6 @@
	EVENTHANDLER_REGISTER(vfs_unmounted, mac_veriexec_vfs_unmounted, NULL,
	EVENTHANDLER_PRI_LAST);

	- /* Fetch tunable value in kernel env and define a corresponding read-only sysctl */
	- mac_veriexec_block_unlink = 0;
	- TUNABLE_INT_FETCH("security.mac.veriexec.block_unlink", &mac_veriexec_block_unlink);
	- SYSCTL_INT(_security_mac_veriexec, OID_AUTO, block_unlink,
	- CTLFLAG_RDTUN, &mac_veriexec_block_unlink, 0, "Veriexec unlink protection");
	-
	/* Check if unlink control is activated via tunable value */
	if (!mac_veriexec_block_unlink)
	mac_veriexec_ops.mpo_vnode_check_unlink = NULL;