Introduce ``security.curtain'', new node for security features and
settings, and new variable for controlling access to objects based on user-id.
parent
15b43e830c
commit
ec14f2d11e
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: init_sysctl.c,v 1.53 2005/09/06 02:36:17 rpaulo Exp $ */
|
||||
/* $NetBSD: init_sysctl.c,v 1.54 2005/09/07 16:26:15 elad Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2003 The NetBSD Foundation, Inc.
|
||||
|
@ -37,7 +37,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.53 2005/09/06 02:36:17 rpaulo Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.54 2005/09/07 16:26:15 elad Exp $");
|
||||
|
||||
#include "opt_sysv.h"
|
||||
#include "opt_multiprocessor.h"
|
||||
|
@ -90,6 +90,9 @@ __KERNEL_RCSID(0, "$NetBSD: init_sysctl.c,v 1.53 2005/09/06 02:36:17 rpaulo Exp
|
|||
|
||||
#include <machine/cpu.h>
|
||||
|
||||
/* XXX this should not be here */
|
||||
int security_curtain = 1;
|
||||
|
||||
/*
|
||||
* try over estimating by 5 procs/lwps
|
||||
*/
|
||||
|
@ -247,6 +250,12 @@ SYSCTL_SETUP(sysctl_root_setup, "sysctl base setup")
|
|||
SYSCTL_DESCR("Emulation settings"),
|
||||
NULL, 0, NULL, 0,
|
||||
CTL_EMUL, CTL_EOL);
|
||||
sysctl_createv(clog, 0, NULL, NULL,
|
||||
CTLFLAG_PERMANENT,
|
||||
CTLTYPE_NODE, "security",
|
||||
SYSCTL_DESCR("Security"),
|
||||
NULL, 0, NULL, 0,
|
||||
CTL_SECURITY, CTL_EOL);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1010,6 +1019,17 @@ SYSCTL_SETUP(sysctl_debug_setup, "sysctl debug subtree setup")
|
|||
}
|
||||
#endif /* DEBUG */
|
||||
|
||||
SYSCTL_SETUP(sysctl_security_setup, "sysctl security subtree setup")
|
||||
{
|
||||
sysctl_createv(clog, 0, NULL, NULL,
|
||||
CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
|
||||
CTLTYPE_INT, "curtain",
|
||||
SYSCTL_DESCR("Curtain information about objects"
|
||||
" to users not owning them."),
|
||||
NULL, 0, &security_curtain, 0,
|
||||
CTL_SECURITY, SECURITY_CURTAIN, CTL_EOL);
|
||||
}
|
||||
|
||||
/*
|
||||
* ********************************************************************
|
||||
* section 2: private node-specific helper routines.
|
||||
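Review bot: The `curtain` node in `sysctl_security_setup` is created `CTLFLAG_READWRITE` with a NULL helper (`NULL, 0, &security_curtain, 0`), so any integer written to it is stored directly in `security_curtain` with no range check. Nothing on this page shows which values are meaningful or how consumers treat unexpected ones, so a small helper that validates the new value before committing it would make the knob's contract explicit; the sketch below assumes only 0 and 1 are valid, which should be confirmed. Whether lowering the value should also be refused once the system runs at a raised securelevel is a policy question worth settling in the same helper. The definition `int security_curtain = 1;` also deserves a comment stating what 0 and 1 mean and why the default is 1.

```c
static int
sysctl_security_curtain(SYSCTLFN_ARGS)
{
	struct sysctlnode node;
	int newval, error;

	/* Operate on a copy so a rejected write never touches the global. */
	node = *rnode;
	newval = security_curtain;
	node.sysctl_data = &newval;
	error = sysctl_lookup(SYSCTLFN_CALL(&node));
	if (error || newp == NULL)
		return (error);

	/* Assumed valid range; confirm against the consumers. */
	if (newval < 0 || newval > 1)
		return (EINVAL);

	security_curtain = newval;
	return (0);
}

SYSCTL_SETUP(sysctl_security_setup, "sysctl security subtree setup")
{
	/* … unchanged: sysctl_createv flags, type, name and description … */
		       sysctl_security_curtain, 0, &security_curtain, 0,
	/* … unchanged: CTL_SECURITY, SECURITY_CURTAIN, CTL_EOL … */
```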
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: sysctl.h,v 1.140 2005/09/06 02:36:17 rpaulo Exp $ */
|
||||
/* $NetBSD: sysctl.h,v 1.141 2005/09/07 16:26:16 elad Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1989, 1993
|
||||
|
@ -161,7 +161,8 @@ struct ctlname {
|
|||
#define CTL_PROC 10 /* per-proc attr */
|
||||
#define CTL_VENDOR 11 /* vendor-specific data */
|
||||
#define CTL_EMUL 12 /* emulation-specific data */
|
||||
#define CTL_MAXID 13 /* number of valid top-level ids */
|
||||
#define CTL_SECURITY 13 /* security */
|
||||
#define CTL_MAXID 14 /* number of valid top-level ids */
|
||||
|
||||
#define CTL_NAMES { \
|
||||
{ 0, 0 }, \
|
||||
|
@ -177,6 +178,7 @@ struct ctlname {
|
|||
{ "proc", CTLTYPE_NODE }, \
|
||||
{ "vendor", CTLTYPE_NODE }, \
|
||||
{ "emul", CTLTYPE_NODE }, \
|
||||
{ "security", CTLTYPE_NODE }, \
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -896,6 +898,20 @@ struct kinfo_file {
|
|||
{ "mach", CTLTYPE_NODE }, \
|
||||
}
|
||||
|
||||
/*
|
||||
* CTL_SECURITY definitions.
|
||||
*/
|
||||
#define SECURITY_CURTAIN 1
|
||||
#define SECURITY_MAXID 2
|
||||
|
||||
#define CTL_SECURITY_NAMES { \
|
||||
{ 0, 0 }, \
|
||||
{ "curtain", CTLTYPE_INT }, \
|
||||
}
|
||||
|
||||
/* XXX this should not be here */
|
||||
extern int security_curtain;
|
||||
|
||||
#ifdef _KERNEL
|
||||
|
||||
#if defined(_KERNEL_OPT)
|
||||
|
|