Commit Graph

17 Commits

Author SHA1 Message Date
rwatson
885540f52e In ugidfw(8), print the rule number and rule contents (as parsed and then
regenerated in libugidfw) rather than simply printing that the rule was
added with only the number.  This makes ugidfw(8) behave a bit more like
ipfw(8), and also means that the administrator sees how the rule was
interpreted once uids/gids/etc were processed.

Obtained from:	TrustedBSD Project
2008-12-24 22:40:13 +00:00
dwmalone
b6a2964430 Add some new options to mac_bsdextended. We can now match on:
	subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
avatar
6989cd8fec Fixing an off-by-one error which results in 'ugidfw list' complaining about
"Data error in security.mac.bsdextended.rules.N: Unknown error: 0."

Reviewed by:	rwatson
MFC after:	3 days
2005-07-21 13:23:23 +00:00
charnier
a77fd8ed0a Add prototypes and remove unused variables for WARNS=6 compliance. Add
'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error
messages to get progname prepended.
2005-01-16 10:49:48 +00:00
trhodes
7f890bc8e0 Wording nit. 2005-01-10 00:35:54 +00:00
rwatson
3612fd4a66 Remove unnecessary include of vnode.h.
Requested by:	phk
2004-10-21 11:22:07 +00:00
ru
6294018a20 Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
rwatson
a548fcf645 Add an 'add' command to ugidfw(8), which permits specifying a new
rule without explicitly specifying a new rule number.

Update copyrights, remove license clause three.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:59:56 +00:00
obrien
a920d12f89 style.Makefile(5) 2003-04-04 17:49:21 +00:00
ru
3e0fbd7bc4 mdoc(7) police: markup overhaul.
Approved by:	re
2002-12-12 14:09:25 +00:00
chris
e4eb2b0fa9 Stick .Os between .Dd and .Dt 2002-10-20 19:45:39 +00:00
chris
83e0636f51 Cosmetic line-wrapping change that has the side-effect of not producing
the (incorrectly-spaced) output "... Network Associates Inc.  under ..."
2002-10-18 05:31:39 +00:00
chris
423a885cd3 Remove a superfluous line containing only `.' 2002-10-18 05:29:39 +00:00
chris
eed4d84882 Activate ugidfw.8 man page.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-17 22:43:11 +00:00
chris
17310089d6 Add a man page for ugidfw(8).
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-17 01:54:37 +00:00
rwatson
087e19f81f Add a libnames entry for libugidfw.
Add a DPADD line for ${LIBUGIDFW} for ugidfw.

Submitted by:	ru
2002-08-02 13:37:57 +00:00
rwatson
2f173ca43e Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended.  Similar to ipfw, only for uids/gids and files.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:14:22 +00:00