mac_veriexec: Authorize reads of secured sysctls

Description

Writes to sysctls flagged with CTLFLAG_SECURE are blocked if the appropriate secure level is set. mac_veriexec does not behave this way; it blocks such sysctls in read-only mode as well.

This change aims to make mac_veriexec behave like secure levels, as it was meant by the original commit ed377cf41.

Reviewed by: sjg
Differential revision: https://reviews.freebsd.org/D34327
Obtained from: Stormshield

Details

Provenance
wma Authored on Jun 29 2022, 8:48 AM
Reviewer
sjg
Differential Revision
D34327: mac_veriexec: Authorize reads of secured sysctls
Parents
rG8cff8e6e13a6: Bump __FreeBSD_version after linuxkpi changes.