freebsd-skq/lib
kevans 2109148b1c vfs: add restrictions to read(2) of a directory [2/2]
This commit adds the priv(9) that waters down the sysctl to make it only
allow read(2) of a dirfd by the system root. Jailed root is not allowed, but
jail policy and superuser policy will abstain from allowing/denying it so
that a MAC module can fully control the policy.

Such a MAC module has been written, and can be found at:
https://people.freebsd.org/~kevans/mac_read_dir-0.1.0.tar.gz

It is expected that the MAC module won't be needed by many, as most only
need to do such diagnostics that require this behavior as system root
anyways. Interested parties are welcome to grab the MAC module above and
create a port or locally integrate it, and with enough support it could see
introduction to base. As noted in mac_read_dir.c, it is released under the
BSD 2 clause license and allows the restrictions to be lifted for only
jailed root or for all unprivileged users.

PR:		246412
Reviewed by:	mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
Reviewed by:	rgrimes (latest version)
Differential Revision:	https://reviews.freebsd.org/D24596
2020-06-04 18:17:25 +00:00
atf Update Makefile.depend files 2019-12-11 17:37:53 +00:00
clang Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 2020-05-23 10:32:18 +00:00
csu [PowerPC] Fix wrong instructions in _savegpr_X. 2020-05-14 04:00:35 +00:00
geom Remove support for geli(4) algorithms deprecated in r348206. 2020-04-15 00:14:50 +00:00
googletest Another round of attempting to squelch -Wdeprecated-declarations, which 2019-09-17 06:07:08 +00:00
kyua Install expected kyua docs. 2020-03-26 17:34:17 +00:00
lib80211 Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libalias libalias: retire cuseeme support 2020-05-16 02:29:10 +00:00
libarchive MFV r361280: 2020-05-20 20:58:48 +00:00
libauditd libauditd: make it a PRIVATELIB 2020-04-19 02:20:39 +00:00
libbe Drop "All Rights Reserved" from all libbe/bectl files 2020-01-24 02:18:09 +00:00
libbearssl Add libbearssl 2019-02-26 05:59:22 +00:00
libbegemot Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libblacklist Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libblocksruntime Move all sources from the llvm project into contrib/llvm-project. 2019-12-20 19:53:05 +00:00
libbluetooth Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libbsdstat Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libbsm libbsm: fix some MLINKS 2020-04-19 02:18:40 +00:00
libbsnmp Merge release 1.14 of bsnmp. 2020-04-01 15:25:16 +00:00
libbz2 Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libc vfs: add restrictions to read(2) of a directory [2/2] 2020-06-04 18:17:25 +00:00
libc_nonshared
libc++ Remove -mlong-calls when building arm libraries and llvm. 2020-03-10 06:49:43 +00:00
libc++experimental Move all sources from the llvm project into contrib/llvm-project. 2019-12-20 19:53:05 +00:00
libcalendar Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libcam Remove unused cam ccb flags 2020-03-10 23:58:41 +00:00
libcapsicum capsicum_helpers: split stream cap bits out of caph_limit_stream() 2020-01-02 23:07:45 +00:00
libcasper cap_fileargs: Fix a descriptor leak in the service process. 2020-06-01 15:32:13 +00:00
libclang_rt Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 2020-05-23 10:32:18 +00:00
libcom_err Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libcompat ftime appeared in 7th Edition Unix to replace gtime. 2018-10-28 02:58:15 +00:00
libcompiler_rt Merge ^/head r357662 through r357854. 2020-02-13 12:52:24 +00:00
libcrypt Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libcuse Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libcxxrt Revert r353140: Re-add ALLOW_MIPS_SHARED_TEXTREL, sprinkle it around 2020-01-14 17:50:13 +00:00
libdevctl Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libdevdctl libdevdctl: g++9 avoid Wdeprecated-copy 2019-12-21 02:44:26 +00:00
libdevinfo Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libdevstat Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libdl
libdpv Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libdwarf Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libedit Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libefivar Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libelf Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libelftc Update ELF Tool Chain to upstream r3769 2019-12-05 13:20:15 +00:00
libevent1 rename in-tree libevent v1 to libevent1 2020-05-28 22:05:50 +00:00
libexecinfo Move all sources from the llvm project into contrib/llvm-project. 2019-12-20 19:53:05 +00:00
libexpat Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libfetch fetch(3): plug some leaks 2020-02-21 18:21:57 +00:00
libfigpar Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libgcc_eh Revert r353140: Re-add ALLOW_MIPS_SHARED_TEXTREL, sprinkle it around 2020-01-14 17:50:13 +00:00
libgcc_s Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
libgeom Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libgpio Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libgssapi Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libiconv_modules
libifconfig libifconfig: remove redundant NULL check 2020-05-27 18:26:10 +00:00
libipsec Remove support for IPsec algorithms deprecated in r348205 and r360202. 2020-05-02 00:06:58 +00:00
libipt Update Intel Processor Trace decoder library. 2019-10-10 12:46:34 +00:00
libjail libjail: Handle an error from reallocarray() when trimming the buffer. 2020-01-07 21:44:27 +00:00
libkiconv pkgbase: Put a lot of binaries and lib in FreeBSD-runtime 2019-09-05 14:13:08 +00:00
libkvm Merge ^/head r358000 through r358048. 2020-02-17 20:27:05 +00:00
libldns Update Makefile.depend files 2019-12-11 17:37:53 +00:00
liblua liblua: ensure that "require" will fail in bootstrap flua 2020-04-29 13:41:32 +00:00
liblutok Add liblutok a lightweight C++ API for lua. 2020-03-23 18:26:23 +00:00
liblzma MFV r359197: xz 5.2.5. 2020-03-22 01:27:38 +00:00
libmagic MFV r357712: file 5.38. 2020-02-11 07:02:48 +00:00
libmd ANSIfy and KNF function arg definitions in libmd/md4.c 2020-04-03 20:56:43 +00:00
libmemstat Merge ^/head r358075 through r358130. 2020-02-19 21:03:06 +00:00
libmilter Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libmp Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libmt Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libnetbsd Make timespecadd(3) and friends public 2018-07-30 15:46:40 +00:00
libnetgraph Fix SYNOPSIS section to point to the proper include directive. 2020-05-15 12:04:39 +00:00
libngatm Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libnv Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libomp Update build glue for libomp. 2020-01-27 18:04:28 +00:00
libopenbsd Allow bootstrapping libopenbsd on Linux 2018-12-05 10:58:02 +00:00
libopencsd Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libopie Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libpam pkgbase: Move telnetd and ftpd pam file to the utilities package 2020-03-24 01:08:06 +00:00
libpathconv
libpcap MFV r353141 (by phillip): 2019-12-21 21:01:03 +00:00
libpe
libpjdlog pkgbase: Create a FreeBSD-utilities package and make it the default one 2019-09-05 14:15:47 +00:00
libpmc Map family 0x5F (Denverton) to goldmont. 2020-04-24 16:05:35 +00:00
libpmcstat pmc: Add include path for libpmcstat as it is an internallib 2020-03-25 01:32:16 +00:00
libproc Re-enable proc_test:symbol_lookup after r360979. 2020-05-12 17:05:55 +00:00
libprocstat libprocstat: try to fix fallout from r361363 2020-05-24 14:54:21 +00:00
libradius libradius: Rip out dubious use of srandomdev(3)+random(3) 2019-12-13 04:55:17 +00:00
libregex Further normalize copyright notices 2019-09-26 16:19:22 +00:00
librpcsec_gss
librpcsvc Update Makefile.depend files 2019-12-11 17:37:53 +00:00
librss Update Makefile.depend files 2019-12-11 17:37:53 +00:00
librt pkgbase: Create a FreeBSD-utilities package and make it the default one 2019-09-05 14:15:47 +00:00
librtld_db librtld_db: Fix shlib mapping offsets. 2020-05-12 17:00:47 +00:00
libsbuf Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libsdp Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libsecureboot Improve interaction of vectx and tftp 2020-04-07 16:56:34 +00:00
libsm
libsmb Move nsmb.conf to lib/libsmb/ 2018-09-20 09:31:27 +00:00
libsmdb
libsmutil
libsqlite3 Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libssp libssp: don't compile with -fstack-protector* 2020-03-14 15:15:27 +00:00
libssp_nonshared Provide libssp based on libc 2020-01-04 20:19:25 +00:00
libstats Make use of the stats(3) framework in the TCP stack. 2019-12-02 20:58:04 +00:00
libstdbuf
libstdthreads Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libsysdecode Retire procfs-based process debugging. 2020-04-01 19:22:09 +00:00
libtacplus libtacplus: Remove bogus srandomdev+random 2019-12-13 05:11:34 +00:00
libtelnet
libthr Revert r361770 "Add pthread_getname_np() and pthread_setname_np() aliases" for now. 2020-06-04 09:06:03 +00:00
libthread_db Remove libthr, csu, libthread_db and testfloat sparc64 specific directories. 2020-02-27 04:44:58 +00:00
libucl Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libufs Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libugidfw Deduplicate fsid comparisons 2020-05-21 01:55:35 +00:00
libulog Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libunbound MFV r361322: 2020-05-21 21:00:46 +00:00
libusb Merge ^/head r358832 through r358848. 2020-03-10 17:49:09 +00:00
libusbhid Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libutil login.conf(5): split MAIL env var out into a "mail" capability 2020-02-05 04:17:14 +00:00
libveriexec Do not claim libbearssl et al are INTERNALLIB 2020-04-01 05:45:12 +00:00
libvgl Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libvmmapi vmm(4), bhyve(8): Expose kernel-emulated special devices to userspace 2020-05-15 15:54:22 +00:00
libwrap Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libxo Fix installation of libxo encoder modules. 2020-05-31 17:20:17 +00:00
liby
libypclnt Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libz Generate zlib.pc from source. 2020-05-12 01:47:33 +00:00
libzstd Update to Zstandard 1.4.5 2020-05-23 21:23:46 +00:00
msun Remove tests for obsolete compilers in the build system 2020-05-12 15:22:40 +00:00
ncurses ncurses: bump shlib number to version 9 2020-02-20 09:12:07 +00:00
ofed Update Makefile.depend files 2019-12-11 17:37:53 +00:00
tests
Makefile rename in-tree libevent v1 to libevent1 2020-05-28 22:05:50 +00:00
Makefile.inc