Page MenuHomeFreeBSD
Differential D42132

veriexec: Simplify the initialization of loader tunable
ClosedPublic
Actions

Authored by zlei on Oct 9 2023, 3:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 26, 6:53 AM
Unknown Object (File)
Sat, Oct 26, 6:53 AM
Unknown Object (File)
Sat, Oct 26, 6:53 AM
Unknown Object (File)
Sat, Oct 26, 6:38 AM
Unknown Object (File)
Sep 22 2024, 8:14 PM
Unknown Object (File)
Sep 18 2024, 9:38 PM
Unknown Object (File)
Sep 17 2024, 7:40 PM
Unknown Object (File)
Sep 10 2024, 6:49 PM
View All 44 Files
Subscribers
dab

Details

Reviewers
imp
sjg
stevek
Commits
rGb388201875bf: veriexec: Simplify the initialization of loader tunable
rGbb8d4411e0c6: veriexec: Simplify the initialization of loader tunable
Summary

The loader tunable 'security.mac.veriexec.block_unlink' has already been
flagged with CTLFLAG_RDTUN, no need to re-fetch it with TUNABLE_INT_FETCH.

While here move the definition of sysctl knobs out of function body, which is more common in FreeBSD.

No functional change intended.

MFC after: 1 week

Test Plan

Set kernel env and load module. Verify the loader tunable is correctly set.

Escape to loader prompt:

load /boot/kernel/kernel
load /root/mac_veriexec.ko
set security.mac.veriexec.block_unlink=1
boot
# sysctl -T security.mac.veriexec.block_unlink
security.mac.veriexec.block_unlink: 1

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
security/
mac_veriexec/
8 lines

Diff 129672

View Options

sys/security/mac_veriexec/mac_veriexec.c

Loading...