freebsd-nq/sys/modules
Robert Watson 03d031626d A cute yet small MAC policy that provides a simple ACL mechanism to
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh.  The policy is twiddled using
sysctl(8).  To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired.  This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack.  It appears to work properly in my local configuration,
but needs more broad testing.

A sample policy might be:

  # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"

This permits uid 425 to bind TCP sockets to ports 79 and 80.  Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-03-02 23:01:42 +00:00
..
3dfx
aac Revert the use of -g that leaked in. 2003-02-26 06:56:46 +00:00
accf_data
accf_http
acpi Add code for ACPI PCI link object manipulation. 2002-10-05 02:01:05 +00:00
agp Split the arch-specific AGP files into the appropriate files.* and do the same 2003-02-14 06:33:52 +00:00
aha
aic Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
aic7xxx Update GENSRCS and aicasm options correctly depending on whether register 2003-01-22 21:56:54 +00:00
aio
amd Move the amd(4) driver to it's own directory in preparation for it growing 2002-12-13 22:59:18 +00:00
amr (1) added LSI Logic copyright, and legal line 3 in license, and string 2002-10-18 21:29:14 +00:00
an
aout I completely fubared this. An empty EXPORT_SYMS= is not valid. I know I 2002-09-11 18:03:03 +00:00
apm Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
ar
arcnet - add support for IPX (tested with mount -t nwfs and mars_nwe), 2003-01-24 01:32:20 +00:00
asr
atspeaker Rename the speaker device for pc98 to 'pcspeaker'. 2002-10-31 05:19:33 +00:00
aue
awi
bge Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
bktr Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
bridge Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
cam New SCSI target emulator code 2002-11-22 22:55:51 +00:00
canbepm Add CanBe power management controller support. 2003-02-03 14:46:26 +00:00
canbus Add CanBe power management controller support. 2003-02-03 14:46:26 +00:00
cardbus I don't think that these modules should export symbols at all. All 2002-01-11 20:14:03 +00:00
cbb Fix this pending the decision of which of the redundant 2002-08-27 15:59:19 +00:00
ccd Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
cd9660 Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ciss - Comment a line which sets CISS_DEBUG by default. 2002-10-27 12:09:51 +00:00
cm
coda Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
coff Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
crypto Module-ize the 'core' crypto stuff. This may still need to be compiled 2002-10-16 14:31:34 +00:00
cryptodev module for /dev/crypto support 2002-10-04 20:35:02 +00:00
cue
dc
de
digi Fix my recent breakage of some modules. 2002-02-15 15:45:34 +00:00
drm Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
dummynet Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ed Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
el
em Don't roll our own clean target, the default one 2002-10-27 17:06:03 +00:00
ep Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
exca Module for exca. Eventually, this will be shared between pcic and pccbb. 2002-01-29 06:53:32 +00:00
ext2fs Complete the separation of ext2fs from ufs by copying the remaining 2002-05-16 19:08:03 +00:00
fdc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
fdescfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
fe Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
firewire Remove unnecessary EXPORT_SYMS. 2003-02-13 13:42:19 +00:00
fpu Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
fxp
gem Build a gem module, for sparc64 only for now. 2003-01-08 20:40:29 +00:00
gnufpu Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
gx
hea Build a 'hea_pci' driver module. 2002-06-03 09:13:53 +00:00
hfa Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
hifn Remove opt_pci.h from SRCS, it doesn't exist anymore. 2002-11-13 17:45:42 +00:00
hme Add an hme(4) module. 2003-01-09 16:29:03 +00:00
hpfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
i2c Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
ibcs2 add opt_mac.h to SRCS to unbreak module build. 2002-08-12 07:20:15 +00:00
idt HARP driver for the IDT77201/211 NICStAR ATM Adapter (Including Fore LE155). 2002-09-30 05:12:39 +00:00
if_disc Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_ef Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_faith Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_gif Depend on opt_mac.h. 2002-08-12 15:27:17 +00:00
if_gre Since bpf is no longer an optional component, remove associated ifdef's. 2002-10-02 09:38:17 +00:00
if_ppp Make ppp(4) devices clonable and unloadable. 2002-08-09 15:30:48 +00:00
if_sl Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_stf Add opt_mac.h to dependencies for if_stf.c module. 2002-10-20 22:57:22 +00:00
if_tap
if_tun The ppp and tunnel modules now rely on opt_mac.h. Missed in a previous 2002-07-31 20:19:28 +00:00
if_vlan Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
iir Add the 'iir' driver, for the Intel Integrated RAID controllers and 2002-01-20 08:51:08 +00:00
ip6fw Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ip_mroute_mod Hook up opt_mac.h to the build dependencies. The way we currently 2002-10-20 22:59:17 +00:00
ipfilter Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ipfw bring Makefile up to date with new ipfw 2002-06-28 08:10:07 +00:00
isp Add an isp(4) module. sbus support is only compiled in on sparc64. 2002-10-31 19:50:18 +00:00
ispfw
joy
kue
lge
libiconv Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
libmchain libmchain no longer exports m_fixhdr(); remove it from EXPORT_SYMS. 2002-12-14 00:01:51 +00:00
linprocfs Move the pseudofs, procfs and linprocfs modules out from the fs directory. 2002-02-04 20:16:50 +00:00
linux Add IPv6 support for Linuxlator. 2003-02-03 17:43:20 +00:00
lnc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
lpt Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
mac_biba opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_bsdextended Introduce support for Mandatory Access Control and extensible 2002-08-01 17:41:27 +00:00
mac_ifoff opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_lomac Hook up the mac_lomac module build. 2002-11-26 17:35:44 +00:00
mac_mls opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_none opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_partition Commit of Makefile missed in earlier pass. 2002-10-24 02:04:03 +00:00
mac_portacl A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
mac_seeotheruids Introduce support for Mandatory Access Control and extensible 2002-08-01 17:41:27 +00:00
mac_stub opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_test opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mcd newbus & bus_space the mcd(4) driver. 2002-10-04 07:14:19 +00:00
md Add opt_geom.h to the list. 2003-01-13 08:31:41 +00:00
mii Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
mlx
mly
mpt Add a module for mpt(4). 2002-10-31 19:39:23 +00:00
msdosfs Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
my This time get it right 2002-04-16 20:40:06 +00:00
ncp Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ncv
netgraph Take the rc4 code out of ng_mppc module so we don't fail to load when 2003-02-05 19:11:11 +00:00
nfsclient Moved nfs_diskless setup code from autoconf.c to nfsclient/nfs_diskless.c 2002-09-22 00:59:02 +00:00
nfsserver Permit MAC policies to instrument the access control decisions for 2002-11-04 15:13:36 +00:00
nge
nmdm
nsp
ntfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
null This is not going to win prizes for the most useful module ever, 2003-02-27 18:08:44 +00:00
nullfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
nwfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
oldcard Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
oltr Initiate deorbit burn for the i386-only a.out related support. Moves are 2002-09-17 01:49:00 +00:00
osf1 Remove support for running in SimOS. The support has rotted over 2003-02-25 00:42:40 +00:00
pccard I don't think that these modules should export symbols at all. All 2002-01-11 20:14:03 +00:00
pcfclock
pcic I don't think that these modules should export symbols at all. All 2002-01-11 20:14:03 +00:00
pcn
pcspeaker Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
pecoff opt_kstack_pages.h is not needed anymore. It would have been a Bad Thing 2002-09-08 02:59:38 +00:00
plip Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
pmc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
portalfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ppbus Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ppi Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
pps Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
procfs Slightly change the semantics of vnode labels for MAC: rather than 2002-10-26 14:38:24 +00:00
pseudofs Introduce support for Mandatory Access Control and extensible 2002-08-01 01:33:12 +00:00
raidframe After much delay and anticipation, welcome RAIDFrame into the FreeBSD 2002-10-20 08:17:39 +00:00
random Upgrade the random device to use a "real" hash instead of building 2002-07-15 13:58:35 +00:00
ray Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
rc - New-bussify the rc(4) device driver. 2002-10-23 15:53:09 +00:00
rc4 make rc4 crypto support a module so other modules can depend on it 2003-01-15 19:55:17 +00:00
rl
rp Fix my recent breakage of some modules. 2002-02-15 15:45:34 +00:00
s3
sbni
scd - Convert to newbus, bus_space etc. 2002-11-05 09:37:32 +00:00
scsi_low Export symbols that constitute APIs defined by these 2002-01-11 01:16:00 +00:00
sem Add the rest of the kernel support for the sem_ API in kern/uipc_sem.c. 2002-09-19 00:43:32 +00:00
sf
sis
sk
smapi A driver for the System Management Application Program 2003-01-17 08:10:18 +00:00
smbfs Unbreak the build of smbfs.ko. 2002-03-18 13:06:57 +00:00
sn
snc
snp Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
sound pci_if.h is not needed. 2003-02-07 15:05:37 +00:00
splash Warning fixes. 2002-11-11 10:28:44 +00:00
sppp sppp needs slcompress.c nowadays. 2002-06-17 05:40:49 +00:00
sr
ste
stg
streams Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
svr4 Add opt_mac.h to dependencies for svr4 module, since I'm about to 2002-08-12 01:36:20 +00:00
sym
syscons Don't override CWARNFLAGS in these Makefiles. 2002-11-11 10:11:59 +00:00
sysvipc Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
ti At long last, commit the zero copy sockets code. 2002-06-26 03:37:47 +00:00
tl
trm Connect trm(4) to the build. 2002-10-13 18:44:26 +00:00
twe
tx Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
txp
ubsa Allow ubsa(4) driver to be build as a kernel module. 2002-10-10 05:03:09 +00:00
ubsec Remove opt_pci.h from SRCS, it doesn't exist anymore. 2002-11-13 17:45:42 +00:00
ucom Add a USB comm driver. 2002-03-18 18:23:42 +00:00
udbp Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
udf Nuke -g 2002-04-28 06:38:38 +00:00
ufm Support for USB fm radio. 2002-03-04 03:51:21 +00:00
ufs Add a makefile for building UFS as a module. Since it is of marginal 2002-06-30 02:23:12 +00:00
uftdi Add the uftdi ucom driver which supports the following adapters: 2002-08-11 23:32:33 +00:00
ugen Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uhid Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ukbd Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ulpt Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
umapfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
umass Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
umodem Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ums Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
unionfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uplcom Add a USB comm driver. 2002-03-18 18:23:42 +00:00
urio Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
usb Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uscanner Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uvisor Commit a version of the uvisor driver for connecting Handspring 2002-07-30 17:44:28 +00:00
uvscom Add a USB comm driver. 2002-03-18 18:23:42 +00:00
vesa Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
vinum Remove gcc-specific optimization/debugging CFLAGS 2002-10-24 03:56:16 +00:00
vpo Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
vr
vx
wb
wi remove wi-specific host ap code; the wi driver now depends on the 2003-01-15 20:13:30 +00:00
wlan add module for 802.11 link layer code 2003-01-15 20:05:52 +00:00
xe Add a module of xe driver. 2002-02-20 15:00:34 +00:00
xl
Makefile A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
Makefile.inc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00