
mac_bsdextended: remove obsolete sysctl from man page
Needs Review | Public

Authored by freebsd_ny-central.org on Nov 9 2024, 7:36 PM.
Details

Reviewers
jrm
trhodes
Summary

Removing sysctl security.mac.bsdextended as it no longer exists.

PR: 109104
Reported by: waldeck@gmx.de

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 60462
Build 57346: arc lint + arc unit

Event Timeline

Kldloading mac_bsdextended, I don't have this sysctl and the man syntax looks good to me.

Is it possible we can get the commit message saying when this sysctl was removed? I see the sysctl existing 19 years ago in 56c38cd967.

In D47498#1083248, @concussious.bugzilla_runbox.com wrote:

Kldloading mac_bsdextended, I don't have this sysctl and the man syntax looks good to me.

Is it possible we can get the commit message saying when this sysctl was removed? I see the sysctl existing 19 years ago in 56c38cd967.

After looking at the code, I'm wondering - that sysctl is still in the code but it really just sits there as the man page suggests. Maybe we should clean up the module first?

Or maybe I'm reading this wrong? Don't want to jump to conclusions.

static SYSCTL_NODE(_security_mac_bsdextended, OID_AUTO, rules,
    CTLFLAG_MPSAFE | CTLFLAG_RW, sysctl_rule, "BSD extended MAC rules");

security.mac.bsdextended.rules is a node. I guess someone (Robert or Tom) had plans to add one or more variables under here.

% sysctl -d security.mac.bsdextended.rules
security.mac.bsdextended.rules: BSD extended MAC rules

I think our options are:

  1. leave things as they are
  2. remove the node from the code, then proceed with this change.

This is the sysctl node under which rules are created; they are opaque binary objects and aren't shown by sysctl(8). You can add a rule in ugidfw and then run ktrace -i ugidfw list to see them being used -- something like:

43582 ugidfw   SCTL  "security.mac.bsdextended.rules.0"
43582 ugidfw   RET   __sysctl 0

"Currently does nothing interesting." is not particularly useful, but the node itself is important.
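
An added example, not part of the review thread or the FreeBSD source: a Python filter over kdump(1) text that picks out `__sysctl` calls under security.mac.bsdextended.rules, following the SCTL/RET pair quoted in the comment above. The sample trace is constructed, and the layout of the failing RET line is an assumption about kdump output.

```python
import re

RULES_NODE = "security.mac.bsdextended.rules"
# pid, command, record type, payload -- the column layout of the quoted trace
LINE = re.compile(r'^\s*(\d+)\s+(\S+)\s+(SCTL|RET)\s+(.*)$')

# Constructed sample: two rule-slot accesses by ugidfw, one unrelated sysctl.
SAMPLE_TRACE = """\
 43582 ugidfw   SCTL  "security.mac.bsdextended.rules.0"
 43582 ugidfw   RET   __sysctl 0
 43582 ugidfw   SCTL  "security.mac.bsdextended.rules.1"
 43582 ugidfw   RET   __sysctl -1 errno 2 No such file or directory
 43590 sh       SCTL  "kern.ostype"
 43590 sh       RET   __sysctl 0
"""

def rule_accesses(trace):
    """Return (pid, command, slot, ok) for each __sysctl call on the rules node.

    slot is the name component after the node ("0", "1", ...) or None when
    the node itself was queried; ok is True when the call returned 0.
    """
    pending = {}  # pid -> slot named by the SCTL record still awaiting its RET
    hits = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, comm, kind, rest = int(m[1]), m[2], m[3], m[4]
        if kind == "SCTL":
            name = rest.strip().strip('"')
            if name == RULES_NODE or name.startswith(RULES_NODE + "."):
                pending[pid] = name[len(RULES_NODE):].lstrip(".") or None
            else:
                pending.pop(pid, None)  # a different sysctl: forget stale state
        elif kind == "RET" and rest.startswith("__sysctl") and pid in pending:
            fields = rest.split()
            ok = len(fields) > 1 and fields[1] == "0"
            hits.append((pid, comm, pending.pop(pid), ok))
    return hits

if __name__ == "__main__":
    for pid, comm, slot, ok in rule_accesses(SAMPLE_TRACE):
        print(f"{comm}[{pid}] rules slot {slot}: {'ok' if ok else 'failed'}")
```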

Thanks for clarifying. How about replacing "Currently does nothing interesting." with something similar to what you just wrote?

How about replacing "Currently does nothing interesting." with something similar to what you just wrote?

I think, if we want to touch it, that would be good.