freebsd-dev/sbin
Simon J. Gerraty 1554ba03b6 Add mac_grantbylabel
This module allows controlled privilege escalation via mac labels
securely associated with a process via mac_veriexec.

There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.

The goal is to allow a daemon to run as an unprivileged process while
still being able to perform a set of privileged operations needed.

We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcoming the 'indirect' flag applied to the interpreter.

Add -l option to sbin/veriexec to report labels.

Reviewed by:	stevek
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D41431
2023-08-24 17:42:11 -07:00
adjkerntz Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
bectl bectl: make mount subcommand less verbose 2023-08-23 10:45:01 -08:00
bsdlabel Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
camcontrol Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
ccdconfig Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
clri Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
comcontrol Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
conscontrol Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
ddb Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
decryptcore Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
devd Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
devfs Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
devmatch Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
dhclient Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
dmesg Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
dump Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
dumpfs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
dumpon Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
etherswitchcfg Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
fdisk Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
ffsinfo Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
fsck Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
fsck_ffs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
fsck_msdosfs Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
fsdb Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
fsirand Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
gbde Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:20 -06:00
geom Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
ggate Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
growfs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
gvinum Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
hastctl Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
hastd Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
ifconfig Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
init Use 115200 bps by default for serial communication 2023-08-17 13:31:38 -04:00
ipf Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
ipfw Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
kldconfig Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
kldload Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
kldstat Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
kldunload Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
ldconfig Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
md5 Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
mdconfig Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
mdmfs Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
mknod Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
mksnap_ffs Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
mount Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
mount_cd9660 Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
mount_fusefs Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
mount_msdosfs Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
mount_nfs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
mount_nullfs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
mount_udf Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
mount_unionfs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
natd Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
newfs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
newfs_msdos Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
nfsiod Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
nos-tun Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
nvmecontrol Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
pfctl Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
pfilctl Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
pflogd Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
ping Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
quotacheck Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
rcorder Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
reboot Use 115200 bps by default for serial communication 2023-08-17 13:31:38 -04:00
recoverdisk Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
resolvconf Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
restore Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
route Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
routed Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
rtsol Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
savecore Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
setkey Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
shutdown Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
swapon Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
sysctl Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
tests Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
tunefs Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
umount Remove $FreeBSD$: one-line nroff pattern 2023-08-16 11:55:15 -06:00
veriexec Add mac_grantbylabel 2023-08-24 17:42:11 -07:00
zfsbootcfg Remove $FreeBSD$: two-line nroff pattern 2023-08-16 11:55:10 -06:00
Makefile Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.amd64 Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.arm Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.i386 Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.inc Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00
Makefile.powerpc64 Remove $FreeBSD$: one-line sh pattern 2023-08-16 11:55:03 -06:00