freebsd-nq/lib/libugidfw
David Malone 89ddbd45e5 Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
..
bsde_get_rule_count.3 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
bsde_get_rule.3 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
bsde_parse_rule.3 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
bsde_rule_to_string.3 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
libugidfw.3 Add some new options to mac_bsdestended. We can now match on: 2006-04-23 17:06:18 +00:00
Makefile Bump the shared library version number of all libraries that have not 2005-07-22 17:19:05 +00:00
ugidfw.c Add some new options to mac_bsdestended. We can now match on: 2006-04-23 17:06:18 +00:00
ugidfw.h Add some new options to mac_bsdestended. We can now match on: 2006-04-23 17:06:18 +00:00