d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
141,372 Commits 72 Branches 135 Tags 3.2 GiB
bc452c1162
Commit Graph

16 Commits

Author SHA1 Message Date
David Malone
89ddbd45e5 Add some new options to mac_bsdestended. We can now match on: 
subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
 2006-04-23 17:06:18 +00:00
Tai-hwa Liang
c649c6900b Fixing an off-by-one error which results in 'ugidfw list' to complain about 
"Data error in security.mac.bsdextended.rules.N: Unknown error: 0."

Reviewed by:	rwatson
MFC after:	3 days
 2005-07-21 13:23:23 +00:00
Philippe Charnier
e05179a4c3 Add prototypes and remove unused variables for WARNS=6 compliance. Add 
'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error
messages to get progname prepended.
 2005-01-16 10:49:48 +00:00
Tom Rhodes
a3fe8ea3ed Wording nit. 2005-01-10 00:35:54 +00:00
Robert Watson
9dc981da8d Remove unnecessary include of vnode.h. 
Requested by:	phk
 2004-10-21 11:22:07 +00:00
Ruslan Ermilov
07bfccd71e Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
Robert Watson
ae5fbd9b53 Add an 'add' command to ugidfw(8), which permits specifying a new 
rule without explicitly specifying a new rule number.

Update copyrights, remove license clause three.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
 2004-02-25 03:59:56 +00:00
David E. O'Brien
052238b16c style.Makefile(5) 2003-04-04 17:49:21 +00:00
Ruslan Ermilov
ee8e7f9d42 mdoc(7) police: markup overhaul. 
Approved by:	re
 2002-12-12 14:09:25 +00:00
Chris Costello
0540c0eb2a Stick .Os between .Dd and .Dt 2002-10-20 19:45:39 +00:00
Chris Costello
e5900bcbeb Cosmetic line-wrapping change that has the side-effect of not producing 
the (incorrectly-spaced) output "... Network Associates Inc.  under ..."
 2002-10-18 05:31:39 +00:00
Chris Costello
c5ad2cad9e Remove a superfluous line containing only `.' 2002-10-18 05:29:39 +00:00
Chris Costello
6dde49132e Activate ugidfw.8 man page. 
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
 2002-10-17 22:43:11 +00:00
Chris Costello
fb8085a281 Add a man page for ugidfw(8). 
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
 2002-10-17 01:54:37 +00:00
Robert Watson
4fd65a06f9 Add a libnames entry for libugidfw. 
Add a DPADD line for ${LIBUGIDFW} for ugidfw.

Submitted by:	ru
 2002-08-02 13:37:57 +00:00
Robert Watson
34d26f04c3 Introduce support for Mandatory Access Control and extensible 
kernel access control.

Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended.  Similar to ipfw, only for uids/gids and files.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
 2002-08-02 07:14:22 +00:00