freebsd-dev/lib
Simon J. Gerraty 1554ba03b6 Add mac_grantbylabel
This module allows controlled privilege escalation via mac labels
securely associated with a process via mac_veriexec.

There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.

The goal is to allow a daemon to run as an unprivileged process while
still being able to perform a set of privileged operations needed.

We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcoming the 'indirect' flag applied to the interpreter.

Add -l option to sbin/veriexec to report labels.

Reviewed by:	stevek
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D41431
2023-08-24 17:42:11 -07:00
..
atf Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
clang update main to 15 2023-08-24 19:10:35 -04:00
csu Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
flua Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
geom Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
googletest Fix GoogleTest 1.14.0 import 2023-08-18 19:33:58 -07:00
lib9p Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
lib80211 Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:20 -06:00
libalias Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libarchive Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libauditd Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libbe Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libbearssl Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libbegemot Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libblacklist Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libblocksruntime Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libbluetooth Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
libbsddialog Update/fix Makefile.depend for userland 2023-04-18 17:14:23 -07:00
libbsdstat Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libbsm Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libbsnmp Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libbz2 Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libc libc: Add timespec_getres(3) as per C23. 2023-08-24 21:31:54 +00:00
libc_nonshared Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libc++ Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libc++experimental Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libcalendar Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libcam Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libcapsicum Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libcasper Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libcbor Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libclang_rt Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libcom_err Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libcompat Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
libcompiler_rt Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libcrypt Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libcuse Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
libcxxrt Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libdevctl Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libdevdctl Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libdevinfo Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libdevstat Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libdl Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libdpv Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libdwarf Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libedit Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libefivar Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libelf Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libelftc Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libevent1 Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libexecinfo Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libexpat Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libfetch Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libfido2 libfido2: specify OpenSSL 1.1 API 2023-05-09 09:46:09 -04:00
libfigpar Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libgcc_eh Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libgcc_s Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libgeom Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libgpio Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libgssapi Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libiconv_modules Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libifconfig Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libipsec Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libipt Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libiscsiutil Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:42 -06:00
libjail Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libkiconv Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libkvm Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
libldns Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
liblua Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
liblutok Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
liblzma Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libmagic Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libmd Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
libmemstat Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libmilter Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libmixer Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libmp Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libmt Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libnetbsd Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:20 -06:00
libnetgraph Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libnetmap Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libnv Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libomp Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libopenbsd Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:20 -06:00
libopencsd Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libpam Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:20 -06:00
libpathconv Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libpcap Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libpe Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libpfctl Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libpjdlog Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libpmc Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libpmcstat Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libproc Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libprocstat Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libradius Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libregex Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
librpcsec_gss Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
librpcsvc Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
librss Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
librt Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
librtld_db Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libsbuf Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libsdp Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
libsecureboot Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:20 -06:00
libsm Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libsmb Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libsmdb Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libsmutil Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libsqlite3 Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libssp Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libssp_nonshared Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libstats Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libstdbuf Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libstdthreads Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libsysdecode Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libtacplus Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libtelnet Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libthr libc: export pthread_getname_np stub 2023-08-21 01:44:17 +03:00
libthread_db Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libucl Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libufs Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libugidfw Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libulog Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libunbound unbound: Move config.h to lib directory. 2023-08-19 01:44:58 +00:00
libusb Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libusbhid Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libutil forkpty: Avoid fd leak if fork() fails. 2023-08-17 13:48:42 +00:00
libveriexec Add mac_grantbylabel 2023-08-24 17:42:11 -07:00
libvgl Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libvmmapi Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libwrap Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libxo Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
liby Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libypclnt Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
libz Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
libzstd libzstd: Explicitly define ZSTD_DISABLE_ASM 2023-08-22 21:01:03 +01:00
msun Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
ncurses Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
nss_tacplus nss_tacplus: Support setting the login class. 2023-06-13 16:08:32 +00:00
ofed Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
tests Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.inc Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00