freebsd-dev/include
Simon J. Gerraty 1554ba03b6 Add mac_grantbylabel
This module allows controlled privilege escalation via mac labels
securely associated with a process via mac_veriexec.

There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.

The goal is to allow a daemon to run as an unprivileged process while
still being able to perform a set of privileged operations needed.

We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcoming the 'indirect' flag applied to the interpreter.

Add -l option to sbin/veriexec to report labels.

Reviewed by:	stevek
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D41431
2023-08-24 17:42:11 -07:00
..
arm arm64 lib32: prepare arm64 headers to redirect to arm 2023-07-25 18:59:26 -05:00
arpa Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
gssapi Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
i386 include/i386: fix release builds 2022-06-13 21:37:34 +01:00
protocols Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
rpc Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
rpcsvc Remove $FreeBSD$: one-line xdr pattern 2023-08-16 11:55:47 -06:00
xlocale Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile Add mac_grantbylabel 2023-08-24 17:42:11 -07:00
Makefile.depend Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
_ctype.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
a.out.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
ar.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
assert.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
bitstring.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
byteswap.h byteswap.h: Add a glibc/linux compatible byteswap.h 2023-01-20 16:37:39 -07:00
complex.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
cpio.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
ctype.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
db.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
dirent.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
dlfcn.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
elf-hints.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
elf.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
endian.h linux: For better compatibility, provide compatible endian.h 2023-01-20 16:32:45 -07:00
err.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
fmtmsg.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
fnmatch.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
fstab.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
fts.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
ftw.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
getopt.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
glob.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
grp.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
gssapi.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
hesiod.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
iconv.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
ieeefp.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
ifaddrs.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
inttypes.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
iso646.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
kenv.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
langinfo.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
libgen.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
limits.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
link.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
locale.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
malloc.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
malloc_np.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
memory.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
mk-osreldate.sh Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
monetary.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
mpool.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
mqueue.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
ndbm.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
netconfig.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
netdb.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
nl_types.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
nlist.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
nss.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
nsswitch.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
paths.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
printf.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
proc_service.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
pthread.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
pthread_np.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
pwd.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
ranlib.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
readpassphrase.h Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:29 -06:00
regex.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
res_update.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
resolv.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
runetype.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
sched.h sched.h: Use pid_t type for pid argument 2021-12-17 08:22:21 +02:00
search.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
semaphore.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
setjmp.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
signal.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
spawn.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
stab.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
stdalign.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
stdbool.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
stddef.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
stdio.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
stdlib.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
stdnoreturn.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
string.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
stringlist.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
strings.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
sysexits.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
tar.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
termios.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
tgmath.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
time.h libc: Add timespec_getres(3) as per C23. 2023-08-24 21:31:54 +00:00
timeconv.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
timers.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
ttyent.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
uchar.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
ulimit.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
unistd.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
utime.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
utmpx.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
uuid.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
varargs.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
wchar.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
wctype.h Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:23 -06:00
wordexp.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00
xlocale.h Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:16 -06:00