Commit Graph

46 Commits

Author SHA1 Message Date
Jamie Gritton
de68a3200a Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
 with names.

PR:		229266
MFC after:	3 days
Differential Revision:	D16047
2018-07-03 23:47:20 +00:00
Pedro F. Giffuni
5e53a4f90f lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-26 02:00:33 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Enji Cooper
fcc46733b3 Clean up trailing whitespace
MFC after:	1 week
2017-10-23 16:55:22 +00:00
Enji Cooper
df6a67d624 Remove dead stores
The return value of various snprintf calls was stored in `len` and not used
in many functions.

MFC after:	1 week
Reported by:	clang-scanbuild
2017-10-23 16:54:30 +00:00
Glen Barber
a70cba9582 First pass through library packaging.
Sponsored by:	The FreeBSD Foundation
2016-02-04 21:16:35 +00:00
Bryan Drewery
7b3ea376a2 META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.
This both avoids some dependencies on xinstall.host and allows
bootstrapping on older releases to work due to lack of at least 'install -l'
support.

Sponsored by:	EMC / Isilon Storage Division
2015-11-25 19:10:28 +00:00
Bryan Drewery
66157b3899 Fix 'ugidfw remove' after r284251 incorrectly changed it.
The sysctl_rule() node removes entries when given a newptr and newlen == 0.
2015-09-29 18:48:12 +00:00
Marcelo Araujo
bf41706273 Set some internal helpers as static and initialize few variables to silence
CLANG WARNINGS.
BUMP SHLIB_MAJOR version as the ABI potentially changed.

Also run an 'exp run' to double check if any external project are using
those functions. Thanks antoine@.

PR:			200807
Differential Revision:	D2775
Reviewed by:		kib, ngie
2015-06-24 01:48:44 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Marcelo Araujo
a7c4e991b8 Remove unnecessary variable and fix the usage of sysctl(3).
Differential Revision:	D2733
Reviewed by:		ngie, kib
2015-06-11 01:22:27 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Marcelo Araujo
da1259f032 Remove unused variables and silence clang warnings.
Differential Revision:	D2686
Reviewed by:		rodrigc
2015-06-04 02:44:37 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Simon J. Gerraty
7cd2dcf076 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Ed Maste
fa1f169d8c Quiet clang warnings by using string literal format strings. 2011-01-04 13:02:52 +00:00
Ulrich Spörlein
aa12cea2cc mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.

Reviewed by:	ru
Approved by:	philip, ed (mentors)
2010-04-14 19:08:06 +00:00
Ed Schouten
daaf575910 Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
Ed Schouten
26fac73c1c Remove an unused variable. 2009-12-31 01:38:12 +00:00
Ken Smith
3ca3047aee Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE.  Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by:    kib
Approved by:    re (rwatson)
2009-07-19 17:25:24 +00:00
Daniel Eischen
419ecd5dee Bump library versions in preparation for 7.0.
Ok'd by:	kan
2007-05-21 02:49:08 +00:00
David Malone
89ddbd45e5 Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
Ken Smith
a84020c2b9 Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
Tom Rhodes
0a5660df88 Fix two typos in comments. 2005-04-23 02:20:35 +00:00
Robert Watson
a6c2bc8bcb When parsing the second {uid,gid} in an identity phrase for ugidfw,
check the password or group database before attempting to parse as an
integer, as is done for the first {uid,gid} in an identity phrase.

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
2005-04-16 11:58:55 +00:00
Robert Watson
89afecd482 In practice, you need to include <sys/types.h> and
<security/mac_bsdextended/mac_bsdextended.h> in order to include
<ugidfw.h>, so document that.

MFC after:	3 days
2005-04-16 11:32:46 +00:00
Pawel Jakub Dawidek
4ba88b3d56 Fix typo - link for bsde_add_rule(3) manual page was not created.
MFC after:	1 week
2005-03-28 09:38:43 +00:00
Pawel Jakub Dawidek
fbc822ae3a Properly return rule number.
Submitted by:	Wojciech A. Koszek
PR:		bin/79292
MFC after:	1 week
2005-03-28 09:37:44 +00:00
Robert Watson
f4194603ce Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.h
instead of using the V* permission flags from vnode.h.  Remove include
of vnode.h.

Requested by:	phk
2004-10-21 11:21:13 +00:00
Ruslan Ermilov
1a0a934547 Mechanically kill hard sentence breaks. 2004-07-02 23:52:20 +00:00
Ruslan Ermilov
862b46f607 Markup, grammar, punctuation. 2004-07-01 18:20:57 +00:00
Bruce Evans
0f9a2306a5 Fixed misspellings of 0 as NULL. 2004-03-11 09:56:04 +00:00
Robert Watson
47ab23aa82 Add bsde_add_rule(), which is similar to bsde_set_rule() except that
the caller does not specify the rule number -- instead, the kernel
module is probed for the next available rule, which is then used.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:24:39 +00:00
Ruslan Ermilov
9be025500d Assorted mdoc(7) fixes. 2003-06-01 19:41:49 +00:00
Chris Costello
6e238d7604 Correct a couple small typos.
Submitted by:	Attila Nagy <bra@fsn.hu>
2003-01-07 13:18:21 +00:00
Chris Costello
d69f82076b Document the file system firewall interface library functions.
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-07 11:23:43 +00:00
Robert Watson
0285334bc8 License and blurb update authorized by Network Associates. 2002-11-07 20:37:04 +00:00
Peter Wemm
224af215a6 Zap now-unused SHLIB_MINOR 2002-09-28 00:25:32 +00:00
Robert Watson
da30581ecb Use size_t instead of int for len variables passed in/out of sysctl.
Pointed out by:	jake
2002-09-27 16:35:19 +00:00
Robert Watson
912dd12ad1 Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.
Suggested by:	mike
2002-08-14 22:30:07 +00:00
Robert Watson
5fc5c0cd3b De-gccize CFLAGS by removing it.
NOMAN is no longer required when a man page is not yet present.

Submitted by:	ru
2002-08-02 13:33:17 +00:00
Robert Watson
46d1a925c2 Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide a library to manage user file system firewall-like rules
supported by the mac_bsdextended.ko security model.  The kernel
module exports the current rule set using sysctl, and this
library provides a front end that includes support for retrieving
and setting rules, as well as printing and parsing them.

Note: as with other userland components, this is a WIP.  However,
when used in combination with the soon-to-be-committed ugidfw,
it can actually be quite useful in multi-user environments to
allow the administrator to limit inter-user file operations without
resorting to heavier weight labeled security policies.

Obtained form:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:07:35 +00:00