freebsd-dev/sys/modules
Robert Watson 03d031626d
A cute yet small MAC policy that provides a simple ACL mechanism to
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh.  The policy is twiddled using
sysctl(8).  To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired.  This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack.  It appears to work properly in my local configuration,
but needs more broad testing.

A sample policy might be:

  # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"

This permits uid 425 to bind TCP sockets to ports 79 and 80.  Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-03-02 23:01:42 +00:00
3dfx
aac Revert the use of -g that leaked in. 2003-02-26 06:56:46 +00:00
accf_data
accf_http
acpi
agp
aha
aic
aic7xxx
aio
amd
amr
an
aout
apm
ar
arcnet
asr
atspeaker
aue
awi
bge
bktr
bridge
cam
canbepm
canbus
cardbus
cbb
ccd
cd9660
ciss
cm
coda
coff
crypto
cryptodev
cue
dc
de
digi
drm
dummynet
ed
el
em
ep
exca
ext2fs
fdc
fdescfs
fe
firewire
fpu
fxp
gem
gnufpu
gx
hea
hfa
hifn
hme
hpfs
i2c
ibcs2
idt
if_disc
if_ef
if_faith
if_gif
if_gre
if_ppp
if_sl
if_stf
if_tap
if_tun
if_vlan
iir
ip6fw
ip_mroute_mod
ipfilter
ipfw
isp
ispfw
joy
kue
lge
libiconv
libmchain
linprocfs
linux
lnc
lpt
mac_biba
mac_bsdextended
mac_ifoff
mac_lomac
mac_mls
mac_none
mac_partition
mac_portacl A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
mac_seeotheruids
mac_stub
mac_test
mcd
md
mii
mlx
mly
mpt
msdosfs
my
ncp
ncv
netgraph
nfsclient
nfsserver
nge
nmdm
nsp
ntfs
null This is not going to win prizes for the most useful module ever, 2003-02-27 18:08:44 +00:00
nullfs
nwfs
oldcard
oltr
osf1
pccard
pcfclock
pcic
pcn
pcspeaker
pecoff
plip
pmc
portalfs
ppbus
ppi
pps
procfs
pseudofs
raidframe
random
ray
rc
rc4
rl
rp
s3
sbni
scd
scsi_low
sem
sf
sis
sk
smapi
smbfs
sn
snc
snp
sound
splash
sppp
sr
ste
stg
streams
svr4
sym
syscons
sysvipc
ti
tl
trm
twe
tx
txp
ubsa
ubsec
ucom
udbp
udf
ufm
ufs
uftdi
ugen
uhid
ukbd
ulpt
umapfs
umass
umodem
ums
unionfs
uplcom
urio
usb
uscanner
uvisor
uvscom
vesa
vinum
vpo
vr
vx
wb
wi
wlan
xe
xl
Makefile A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
Makefile.inc