o Add a configSecurity menu to generally configure security settings,

and pull configSecurityProfile under that menu. Add a menu option to determine whether LOMAC is enabled at boot. Probably, eventually, many of the 'Security Profile' menu choices should be pulled out independently into the Security Menu, so as to make them individually selectable. Sponsored by: DARPA, NAI Labs
2026-06-11 01:30:30 -04:00 · 2001-12-21 18:30:50 +00:00 · 2001-12-21 18:30:50 +00:00 · 86f2d72fd8
commit 86f2d72fd8
parent aca736a60e
6 changed files with 62 additions and 6 deletions
--- a/usr.sbin/sade/config.c
+++ b/usr.sbin/sade/config.c
@ -479,6 +479,17 @@ configLinux(dialogMenuItem *self)
    return i;
 }

+int
+configSecurity(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    dialog_clear_norefresh();
+    dmenuOpenSimple(&MenuSecurity, FALSE);
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
 int
 configSecurityProfile(dialogMenuItem *self)
 {
--- a/usr.sbin/sade/menus.c
+++ b/usr.sbin/sade/menus.c
@ -261,7 +261,7 @@ DMenu MenuIndex = {
      { " PCNFSD",		"Run authentication server for PC-NFS.", dmenuVarCheck, configPCNFSD, NULL, "pcnfsd" },
      { " Root Password",	"Set the system manager's password.",   NULL, dmenuSystemCommand, NULL, "passwd root" },
      { " Router",		"Select routing daemon (default: routed)", NULL, configRouter, NULL, "router_enable" },
-      { " Security",		"Select a default system security profile.", NULL, dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",		"Configure system security options", NULL, dmenuSubmenu, NULL, &MenuSecurity },
      { " Syscons",		"The system console configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSyscons },
      { " Syscons, Font",	"The console screen font.",	  NULL, dmenuSubmenu, NULL, &MenuSysconsFont },
      { " Syscons, Keymap",	"The console keymap configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSysconsKeymap },
@ -1259,8 +1259,8 @@ DMenu MenuConfigure = {
 	NULL,	dmenuSubmenu, NULL, &MenuMouse, NULL },
      { " Networking",	"Configure additional network services",
 	NULL,	dmenuSubmenu, NULL, &MenuNetworking },
-      { " Security",	"Select default system security profile",
-	NULL,	dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",	"Configure system security options",
+	NULL,	dmenuSubmenu, NULL, &MenuSecurity },
      { " Startup",	"Configure system startup options",
 	NULL,	dmenuSubmenu, NULL, &MenuStartup },
      { " TTYs",	"Configure system ttys.",
@ -2079,6 +2079,22 @@ DMenu MenuUsermgmt = {
      { NULL } },
 };

+DMenu MenuSecurity = {
+    DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
+    "System Security Options Menu",
+    "This menu allows you to configure aspects of the operating systme\n"
+    "policy.\n",
+    "Configure system security options",
+    NULL,
+    { { "X Exit",      "Exit this menu (returning to previous)",
+	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+      { " Security Profile",   "Select a security profile for the system",
+	NULL, configSecurityProfile },
+      { " LOMAC",         "Use Low Watermark Mandatory Access Control at boot",
+	dmenuVarCheck,  dmenuToggleVariable, NULL, "lomac_enable=YES" },
+      { NULL } },
+};
+
 DMenu MenuSecurityProfile = {
    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
    "Default system security profile",
--- a/usr.sbin/sade/sade.h
+++ b/usr.sbin/sade/sade.h
@ -384,6 +384,7 @@ extern DMenu		MenuMediaFTP;		/* FTP media menu				*/
 extern DMenu		MenuMediaTape;		/* Tape media menu				*/
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
+extern DMenu		MenuSecurity;		/* System security options menu			*/
 extern DMenu		MenuSecurityProfile;	/* Security profile menu			*/
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/
--- a/usr.sbin/sysinstall/config.c
+++ b/usr.sbin/sysinstall/config.c
@ -479,6 +479,17 @@ configLinux(dialogMenuItem *self)
    return i;
 }

+int
+configSecurity(dialogMenuItem *self)
+{
+    WINDOW *w = savescr();
+
+    dialog_clear_norefresh();
+    dmenuOpenSimple(&MenuSecurity, FALSE);
+    restorescr(w);
+    return DITEM_SUCCESS;
+}
+
 int
 configSecurityProfile(dialogMenuItem *self)
 {
--- a/usr.sbin/sysinstall/menus.c
+++ b/usr.sbin/sysinstall/menus.c
@ -261,7 +261,7 @@ DMenu MenuIndex = {
      { " PCNFSD",		"Run authentication server for PC-NFS.", dmenuVarCheck, configPCNFSD, NULL, "pcnfsd" },
      { " Root Password",	"Set the system manager's password.",   NULL, dmenuSystemCommand, NULL, "passwd root" },
      { " Router",		"Select routing daemon (default: routed)", NULL, configRouter, NULL, "router_enable" },
-      { " Security",		"Select a default system security profile.", NULL, dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",		"Configure system security options", NULL, dmenuSubmenu, NULL, &MenuSecurity },
      { " Syscons",		"The system console configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSyscons },
      { " Syscons, Font",	"The console screen font.",	  NULL, dmenuSubmenu, NULL, &MenuSysconsFont },
      { " Syscons, Keymap",	"The console keymap configuration menu.", NULL, dmenuSubmenu, NULL, &MenuSysconsKeymap },
@ -1259,8 +1259,8 @@ DMenu MenuConfigure = {
 	NULL,	dmenuSubmenu, NULL, &MenuMouse, NULL },
      { " Networking",	"Configure additional network services",
 	NULL,	dmenuSubmenu, NULL, &MenuNetworking },
-      { " Security",	"Select default system security profile",
-	NULL,	dmenuSubmenu, NULL, &MenuSecurityProfile },
+      { " Security",	"Configure system security options",
+	NULL,	dmenuSubmenu, NULL, &MenuSecurity },
      { " Startup",	"Configure system startup options",
 	NULL,	dmenuSubmenu, NULL, &MenuStartup },
      { " TTYs",	"Configure system ttys.",
@ -2079,6 +2079,22 @@ DMenu MenuUsermgmt = {
      { NULL } },
 };

+DMenu MenuSecurity = {
+    DMENU_CHECKLIST_TYPE | DMENU_SELECTION_RETURNS,
+    "System Security Options Menu",
+    "This menu allows you to configure aspects of the operating systme\n"
+    "policy.\n",
+    "Configure system security options",
+    NULL,
+    { { "X Exit",      "Exit this menu (returning to previous)",
+	checkTrue, dmenuExit, NULL, NULL, '<', '<', '<' },
+      { " Security Profile",   "Select a security profile for the system",
+	NULL, configSecurityProfile },
+      { " LOMAC",         "Use Low Watermark Mandatory Access Control at boot",
+	dmenuVarCheck,  dmenuToggleVariable, NULL, "lomac_enable=YES" },
+      { NULL } },
+};
+
 DMenu MenuSecurityProfile = {
    DMENU_NORMAL_TYPE | DMENU_SELECTION_RETURNS,
    "Default system security profile",
--- a/usr.sbin/sysinstall/sysinstall.h
+++ b/usr.sbin/sysinstall/sysinstall.h
@ -384,6 +384,7 @@ extern DMenu		MenuMediaFTP;		/* FTP media menu				*/
 extern DMenu		MenuMediaTape;		/* Tape media menu				*/
 extern DMenu		MenuNetworkDevice;	/* Network device menu				*/
 extern DMenu		MenuNTP;		/* NTP time server menu				*/
+extern DMenu		MenuSecurity;		/* System security options menu			*/
 extern DMenu		MenuSecurityProfile;	/* Security profile menu			*/
 extern DMenu		MenuStartup;		/* Startup services menu			*/
 extern DMenu		MenuSyscons;		/* System console configuration menu		*/