Commit Graph

46 Commits

Author SHA1 Message Date
jamie
95deb222cf Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
 with names.

PR:		229266
MFC after:	3 days
Differential Revision:	D16047
2018-07-03 23:47:20 +00:00
pfg
260ba0bff1 lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-26 02:00:33 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
ngie
7e9da6d913 Clean up trailing whitespace
MFC after:	1 week
2017-10-23 16:55:22 +00:00
ngie
597ef9b253 Remove dead stores
The return value of various snprintf calls was stored in `len` and not used
in many functions.

MFC after:	1 week
Reported by:	clang-scanbuild
2017-10-23 16:54:30 +00:00
gjb
fef2698edf First pass through library packaging.
Sponsored by:	The FreeBSD Foundation
2016-02-04 21:16:35 +00:00
bdrewery
e13d6f8b3f META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.
This both avoids some dependencies on xinstall.host and allows
bootstrapping on older releases to work due to lack of at least 'install -l'
support.

Sponsored by:	EMC / Isilon Storage Division
2015-11-25 19:10:28 +00:00
bdrewery
7d7e4c43c4 Fix 'ugidfw remove' after r284251 incorrectly changed it.
The sysctl_rule() node removes entries when given a newptr and newlen == 0.
2015-09-29 18:48:12 +00:00
araujo
cce1064454 Set some internal helpers as static and initialize few variables to silence
CLANG WARNINGS.
BUMP SHLIB_MAJOR version as the ABI potentially changed.

Also run an 'exp run' to double check if any external project are using
those functions. Thanks antoine@.

PR:			200807
Differential Revision:	D2775
Reviewed by:		kib, ngie
2015-06-24 01:48:44 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
araujo
b88cbe703a Remove unnecessary variable and fix the usage of sysctl(3).
Differential Revision:	D2733
Reviewed by:		ngie, kib
2015-06-11 01:22:27 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
araujo
b85215e38a Remove unused variables and silence clang warnings.
Differential Revision:	D2686
Reviewed by:		rodrigc
2015-06-04 02:44:37 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
sjg
9f7bd28e77 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
emaste
0a9e6b919f Quiet clang warnings by using string literal format strings. 2011-01-04 13:02:52 +00:00
uqs
3960614646 mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
ed
09818ac28e Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
ed
e85525874a Remove an unused variable. 2009-12-31 01:38:12 +00:00
kensmith
9c2c634ee9 Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE.  Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by:    kib
Approved by:    re (rwatson)
2009-07-19 17:25:24 +00:00
deischen
ff36458e08 Bump library versions in preparation for 7.0.
Ok'd by:	kan
2007-05-21 02:49:08 +00:00
dwmalone
b6a2964430 Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
kensmith
f97f77429f Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
trhodes
71a4283929 Fix two typos in comments. 2005-04-23 02:20:35 +00:00
rwatson
c2d86096e6 When parsing the second {uid,gid} in an identity phrase for ugidfw,
check the password or group database before attempting to parse as an
integer, as is done for the first {uid,gid} in an identity phrase.

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
2005-04-16 11:58:55 +00:00
rwatson
74350013ae In practice, you need to include <sys/types.h> and
<security/mac_bsdextended/mac_bsdextended.h> in order to include
<ugidfw.h>, so document that.

MFC after:	3 days
2005-04-16 11:32:46 +00:00
pjd
0e1fcdd3a6 Fix typo - link for bsde_add_rule(3) manual page was not created.
MFC after:	1 week
2005-03-28 09:38:43 +00:00
pjd
838e3ffcb1 Properly return rule number.
Submitted by:	Wojciech A. Koszek
PR:		bin/79292
MFC after:	1 week
2005-03-28 09:37:44 +00:00
rwatson
b59317a711 Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.h
instead of using the V* permission flags from vnode.h.  Remove include
of vnode.h.

Requested by:	phk
2004-10-21 11:21:13 +00:00
ru
01548ace15 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
ru
615a6a246a Markup, grammar, punctuation. 2004-07-01 18:20:57 +00:00
bde
4a50f50816 Fixed misspellings of 0 as NULL. 2004-03-11 09:56:04 +00:00
rwatson
09eb839cca Add bsde_add_rule(), which is similar to bsde_set_rule() except that
the caller does not specify the rule number -- instead, the kernel
module is probed for the next available rule, which is then used.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:24:39 +00:00
ru
2515dba9ff Assorted mdoc(7) fixes. 2003-06-01 19:41:49 +00:00
chris
69abe13c7f Correct a couple small typos.
Submitted by:	Attila Nagy <bra@fsn.hu>
2003-01-07 13:18:21 +00:00
chris
788e08dc50 Document the file system firewall interface library functions.
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-07 11:23:43 +00:00
rwatson
007eb8a428 License and blurb update authorized by Network Associates. 2002-11-07 20:37:04 +00:00
peter
0a7f0ba37e Zap now-unused SHLIB_MINOR 2002-09-28 00:25:32 +00:00
rwatson
6ef83883d8 Use size_t instead of int for len variables passed in/out of sysctl.
Pointed out by:	jake
2002-09-27 16:35:19 +00:00
rwatson
476f71cec5 Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.
Suggested by:	mike
2002-08-14 22:30:07 +00:00
rwatson
2e2c35ec82 De-gccize CFLAGS by removing it.
NOMAN is no longer required when a man page is not yet present.

Submitted by:	ru
2002-08-02 13:33:17 +00:00
rwatson
b7b34f0249 Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide a library to manage user file system firewall-like rules
supported by the mac_bsdextended.ko security model.  The kernel
module exports the current rule set using sysctl, and this
library provides a front end that includes support for retrieving
and setting rules, as well as printing and parsing them.

Note: as with other userland components, this is a WIP.  However,
when used in combination with the soon-to-be-committed ugidfw,
it can actually be quite useful in multi-user environments to
allow the administrator to limit inter-user file operations without
resorting to heavier weight labeled security policies.

Obtained form:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:07:35 +00:00