From nobody@FreeBSD.org  Mon Feb 12 19:40:36 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3FE1B16A401
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Feb 2007 19:40:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 2FEBF13C4C1
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Feb 2007 19:40:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l1CJeaaL071176
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Feb 2007 19:40:36 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l1CJeask071175;
	Mon, 12 Feb 2007 19:40:36 GMT
	(envelope-from nobody)
Message-Id: <200702121940.l1CJeask071175@www.freebsd.org>
Date: Mon, 12 Feb 2007 19:40:36 GMT
From: "Dr. Markus Waldeck"<waldeck@gmx.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: sysctl security.mac.bsdextended is not consistent with the output of sysctl -d
X-Send-Pr-Version: www-3.0

>Number:         109102
>Category:       bin
>Synopsis:       sysctl security.mac.bsdextended is not consistent with the output of sysctl -d
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    csjp
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 12 19:50:02 GMT 2007
>Closed-Date:    
>Last-Modified:  Tue Feb 13 16:06:32 GMT 2007
>Originator:     Dr. Markus Waldeck
>Release:        7.0-CURRENT-200702
>Organization:
>Environment:
FreeBSD fb 7.0-CURRENT-200702 FreeBSD 7.0-CURRENT-200702 #1: Sun Feb 11 14:37:59 UTC 2007     
root@fbh:/huge/fbsrc200702/sys/i386/compile/FB070201  i386

>Description:
CUSTOM kernel:
options MAC
kldload mac_bsdextended.ko

% sysctl security.mac.bsdextended
security.mac.bsdextended.enabled: 1
security.mac.bsdextended.rule_count: 0
security.mac.bsdextended.rule_slots: 0
security.mac.bsdextended.rule_version: 2
security.mac.bsdextended.logging: 0
security.mac.bsdextended.firstmatch_enabled: 0

% sysctl -d security.mac.bsdextended
security.mac.bsdextended: TrustedBSD extended BSD MAC policy controls
security.mac.bsdextended.enabled: Enforce extended BSD policy
security.mac.bsdextended.rule_count: Number of defined rules

security.mac.bsdextended.rule_slots: Number of used rule slots

security.mac.bsdextended.rule_version: Version number for API

security.mac.bsdextended.logging: Log failed authorization requests
security.mac.bsdextended.firstmatch_enabled: Disable/enable match first rule functionality
security.mac.bsdextended.rules: BSD extended MAC rules

sysctl -d mentions security.mac.bsdextended.rules with does not exist and
shows some redundant newlines.
>How-To-Repeat:
% sysctl security.mac.bsdextended

% sysctl -d security.mac.bsdextended

>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->csjp 
Responsible-Changed-By: csjp 
Responsible-Changed-When: Tue Feb 13 16:04:35 UTC 2007 
Responsible-Changed-Why:  
I will take ownership of this.  This is not really a bug since 
the rules variable is of type CTLTYPE_NODE which only gets 
processed if the -d flag is set (by design).  However we might 
need to look into the logic for printing newlines more carefully. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=109102 
>Unformatted:
