Commit Graph

6 Commits

Author SHA1 Message Date
dwmalone
b6a2964430 Add some new options to mac_bsdextended. We can now match on:
	subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
6989cd8fec Fixing an off-by-one error which causes 'ugidfw list' to complain about
"Data error in security.mac.bsdextended.rules.N: Unknown error: 0."

Reviewed by:	rwatson
MFC after:	3 days
2005-07-21 13:23:23 +00:00
charnier
a77fd8ed0a Add prototypes and remove unused variables for WARNS=6 compliance. Add
'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error
messages to get progname prepended.
2005-01-16 10:49:48 +00:00
rwatson
3612fd4a66 Remove unnecessary include of vnode.h.
Requested by:	phk
2004-10-21 11:22:07 +00:00
rwatson
a548fcf645 Add an 'add' command to ugidfw(8), which permits specifying a new
rule without explicitly specifying a new rule number.

Update copyrights, remove license clause three.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:59:56 +00:00
rwatson
2f173ca43e Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended.  Similar to ipfw, only for uids/gids and files.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:14:22 +00:00