freebsd-dev/sys/conf
Simon J. Gerraty 1554ba03b6 Add mac_grantbylabel
This module allows controlled privilege escalation via mac labels
securely associated with a process via mac_veriexec.

There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.

The goal is to allow a daemon to run as an unprivileged process while
still being able to perform a set of privileged operations needed.

We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcoming the 'indirect' flag applied to the interpreter.

Add -l option to sbin/veriexec to report labels.

Reviewed by:	stevek
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D41431
2023-08-24 17:42:11 -07:00
config.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
dtb.build.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
dtb.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
files Add mac_grantbylabel 2023-08-24 17:42:11 -07:00
files.amd64 smartpqi: update to version 4410.0.2005 2023-08-24 15:25:09 -06:00
files.arm sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
files.arm64 arm64: Remove duplicate fdt build option 2023-08-23 20:18:38 +02:00
files.i386 sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
files.powerpc sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
files.riscv sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
files.x86 Add atopcase, the Apple HID over SPI input driver 2023-08-20 12:53:32 +03:00
kern.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
kern.opts.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
kern.post.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
kern.pre.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
kmod_syms_prefix.awk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
kmod_syms.awk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
kmod.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
kmod.opts.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
ldscript.amd64 sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.arm sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.arm64 sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.i386 sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.kmod.amd64 sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ldscript.kmod.i386 sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ldscript.powerpc sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.powerpc64 sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.powerpc64le sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.powerpcspe sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ldscript.riscv sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
Makefile.amd64 sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
Makefile.arm sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
Makefile.arm64 sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
Makefile.i386 sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
Makefile.powerpc sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
Makefile.riscv sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
newvers.sh update main to 15 2023-08-24 19:10:35 -04:00
NOTES sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
options Add mac_grantbylabel 2023-08-24 17:42:11 -07:00
options.amd64 sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
options.arm sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
options.arm64 sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
options.i386 sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
options.powerpc sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
options.riscv sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
std.nodebug std.nodebug: remove DIAGNOSTIC from debug configs 2023-08-18 16:39:22 +03:00
sysent.mk sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
systags.sh sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
vdso_amd64_ia32.ldscript spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
vdso_amd64.ldscript spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD 2023-05-12 10:44:03 -06:00
WITHOUT_SOURCELESS sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
WITHOUT_SOURCELESS_HOST sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00
WITHOUT_SOURCELESS_UCODE sys: Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:54:58 -06:00