Pull in r267961 and r267973 again. Fix for issues reported will follow.

1 files changed, 4 insertions, 8 deletions

diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c
index 7165f905c83d..28097b502989 100644
--- a/sys/security/mac_ifoff/mac_ifoff.c
+++ b/sys/security/mac_ifoff/mac_ifoff.c
@@ -66,25 +66,21 @@ static SYSCTL_NODE(_security_mac, OID_AUTO, ifoff, CTLFLAG_RW, 0,
     "TrustedBSD mac_ifoff policy controls");
 
 static int	ifoff_enabled = 1;
-SYSCTL_INT(_security_mac_ifoff, OID_AUTO, enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_mac_ifoff, OID_AUTO, enabled, CTLFLAG_RWTUN,
     &ifoff_enabled, 0, "Enforce ifoff policy");
-TUNABLE_INT("security.mac.ifoff.enabled", &ifoff_enabled);
 
 static int	ifoff_lo_enabled = 1;
-SYSCTL_INT(_security_mac_ifoff, OID_AUTO, lo_enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_mac_ifoff, OID_AUTO, lo_enabled, CTLFLAG_RWTUN,
     &ifoff_lo_enabled, 0, "Enable loopback interfaces");
-TUNABLE_INT("security.mac.ifoff.lo_enabled", &ifoff_lo_enabled);
 
 static int	ifoff_other_enabled = 0;
-SYSCTL_INT(_security_mac_ifoff, OID_AUTO, other_enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_mac_ifoff, OID_AUTO, other_enabled, CTLFLAG_RWTUN,
     &ifoff_other_enabled, 0, "Enable other interfaces");
-TUNABLE_INT("security.mac.ifoff.other_enabled", &ifoff_other_enabled);
 
 static int	ifoff_bpfrecv_enabled = 0;
-SYSCTL_INT(_security_mac_ifoff, OID_AUTO, bpfrecv_enabled, CTLFLAG_RW,
+SYSCTL_INT(_security_mac_ifoff, OID_AUTO, bpfrecv_enabled, CTLFLAG_RWTUN,
     &ifoff_bpfrecv_enabled, 0, "Enable BPF reception even when interface "
     "is disabled");
-TUNABLE_INT("security.mac.ifoff.bpfrecv.enabled", &ifoff_bpfrecv_enabled);
 
 static int
 ifnet_check_outgoing(struct ifnet *ifp)