d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
130,919 Commits 4 Branches 49 Tags 2 GiB
d1f948fe66
Commit Graph

16 Commits

Author SHA1 Message Date
dwmalone
b6a2964430 Add some new options to mac_bsdestended. We can now match on: 
subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
 2006-04-23 17:06:18 +00:00
avatar
6989cd8fec Fixing an off-by-one error which results in 'ugidfw list' to complain about 
"Data error in security.mac.bsdextended.rules.N: Unknown error: 0."

Reviewed by:	rwatson
MFC after:	3 days
 2005-07-21 13:23:23 +00:00
charnier
a77fd8ed0a Add prototypes and remove unused variables for WARNS=6 compliance. Add 
'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error
messages to get progname prepended.
 2005-01-16 10:49:48 +00:00
trhodes
7f890bc8e0 Wording nit. 2005-01-10 00:35:54 +00:00
rwatson
3612fd4a66 Remove unnecessary include of vnode.h. 
Requested by:	phk
 2004-10-21 11:22:07 +00:00
ru
6294018a20 Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
rwatson
a548fcf645 Add an 'add' command to ugidfw(8), which permits specifying a new 
rule without explicitly specifying a new rule number.

Update copyrights, remove license clause three.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
 2004-02-25 03:59:56 +00:00
obrien
a920d12f89 style.Makefile(5) 2003-04-04 17:49:21 +00:00
ru
3e0fbd7bc4 mdoc(7) police: markup overhaul. 
Approved by:	re
 2002-12-12 14:09:25 +00:00
chris
e4eb2b0fa9 Stick .Os between .Dd and .Dt 2002-10-20 19:45:39 +00:00
chris
83e0636f51 Cosmetic line-wrapping change that has the side-effect of not producing 
the (incorrectly-spaced) output "... Network Associates Inc.  under ..."
 2002-10-18 05:31:39 +00:00
chris
423a885cd3 Remove a superfluous line containing only `.' 2002-10-18 05:29:39 +00:00
chris
eed4d84882 Activate ugidfw.8 man page. 
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
 2002-10-17 22:43:11 +00:00
chris
17310089d6 Add a man page for ugidfw(8). 
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
 2002-10-17 01:54:37 +00:00
rwatson
087e19f81f Add a libnames entry for libugidfw. 
Add a DPADD line for ${LIBUGIDFW} for ugidfw.

Submitted by:	ru
 2002-08-02 13:37:57 +00:00
rwatson
2f173ca43e Introduce support for Mandatory Access Control and extensible 
kernel access control.

Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended.  Similar to ipfw, only for uids/gids and files.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
 2002-08-02 07:14:22 +00:00