freebsd-skq/usr.sbin
David Malone 89ddbd45e5 Add some new options to mac_bsdextended. We can now match on:
	subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
..
ac
accton
acpi Catch up with ACPI-CA 20051021 import 2005-11-01 22:44:08 +00:00
adduser Honour the "uuid" directive in adduser.conf 2006-01-22 18:37:51 +00:00
amd Folded WITH_HESIOD_SUPPORT into WITH_HESIOD. 2006-03-21 09:00:51 +00:00
ancontrol
apm Make apm(8) understand AC Line state 2 as "backup power". 2005-05-30 18:44:43 +00:00
apmd POWERSTATECHANGE was misspelled. 2005-03-24 01:26:40 +00:00
arlcontrol Remove unused variables 2005-05-20 12:44:04 +00:00
arp Refuse to install invalid ARP entries. 2006-02-09 12:49:39 +00:00
asf Initialize uninitialized variables. 2005-09-21 05:33:46 +00:00
atm
audit Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
auditd Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
auditreduce Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
authpf Use libutil in DPADD as well. 2005-05-04 08:57:12 +00:00
bluetooth Properly map mouse buttons 2006-03-21 18:42:52 +00:00
boot0cfg Attempt gctl verb "write MBR" when updating. 2005-07-15 08:04:32 +00:00
boot98cfg Merged from boot0cfg. 2005-07-15 15:32:52 +00:00
bootparamd Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
bsnmpd Add missing library dependencies. 2006-04-13 12:49:24 +00:00
btxld An old patch from Dan Lukes <dan at obluda.cz>: 2006-01-23 13:55:32 +00:00
burncd - Remove MLINKS to nonexistent manpages 2005-07-14 20:29:08 +00:00
cdcontrol Use the new name H_SETSIZE instead of the old H_EVENT to set the history 2005-10-19 15:37:43 +00:00
chkgrp Fix a bug introduced in revision 1.9 which causes chkgrp to coredump on 2005-08-25 17:01:06 +00:00
chown
chroot
ckdist
config Document the two argument form of the "machine" directive. 2006-02-12 07:56:11 +00:00
cron /etc/crontab is similar enough to parse as correct if you run 2006-01-10 05:56:32 +00:00
crunch Bump .Dd before I get told off. 2005-12-23 15:33:31 +00:00
ctm
daemon Teach daemon(8) how to use pidfile(3). 2005-08-24 17:24:39 +00:00
dconschat Fix typos in comments. 2005-03-11 14:20:09 +00:00
devinfo Follow the rules for the .Dd macro use: use unabbreviated month names. 2005-11-28 13:51:36 +00:00
digictl
diskinfo
dnssec-keygen Disable thread support in BIND. It appears to reduce performance rather 2005-07-25 14:44:11 +00:00
dnssec-signzone Disable thread support in BIND. It appears to reduce performance rather 2005-07-25 14:44:11 +00:00
editmap Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
edquota
eeprom
elf2exe
extattr
extattrctl
faithd fixed a possible reference to a broken memory 2005-05-02 07:44:24 +00:00
fdcontrol Make fdcontrol work again. It has been broken for a while. It tries 2005-10-26 22:23:52 +00:00
fdformat The default fill byte is 0xf6, not 0xf5. 2005-11-03 07:28:46 +00:00
fdread fdread cannot work without opening the /dev/fd node in O_RDWR mode now, 2005-10-26 22:28:38 +00:00
fdwrite
flowctl Implement "verbose" optional keyword for "show" command. This is analog 2005-03-23 09:40:18 +00:00
fwcontrol Remove unused variables. Shorten the path to a WARNS=6 compliance. 2005-05-20 12:50:47 +00:00
getfmac
getpmac
gstat Add cross-references to iostat, systat and vmstat. 2005-05-27 00:21:12 +00:00
i4b Include <osreldate.h> at the top of the file. 2005-09-12 16:06:15 +00:00
ifmcstat
inetd Update a couple of comments relating to RFCs. 2006-04-17 19:55:25 +00:00
iostat o De-register local vars. 2006-04-16 22:30:24 +00:00
ip6addrctl
ipfwpcap Add a small tool which captures packets on a DIVERT socket and writes 2005-10-17 20:27:15 +00:00
IPXrouted Declare iftraceinit() at file scope. 2005-08-05 07:17:23 +00:00
jail o Do not mangle current session user login name with jail -u|-U. 2006-04-16 12:32:04 +00:00
jexec Add -u and -U which functions like the jail(8) that allow 2006-04-19 10:12:10 +00:00
jls Sync code with the error report: calloc(number, 1) is equivalent to 2005-08-19 11:03:49 +00:00
kbdcontrol Reveal sacred spells necessary for putting kbdmux(4) to real use. 2005-12-29 20:11:46 +00:00
kbdmap Fix -r causing SIGSEGV due to parse_args() being called before font_current is set. 2006-01-09 19:54:28 +00:00
kernbb
keyserv
kgmon
kgzip
kldxref Use posix_memalign() rather than assuming that malloc() provides adequate 2006-01-12 08:01:38 +00:00
lastlogin
lmcconfig [mdoc] add missing space before a punctuation type argument. 2005-12-13 17:07:52 +00:00
lpr Revert the previous changes. It turns out that it perfectly correct 2006-03-09 19:52:44 +00:00
lptcontrol
mailstats Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
mailwrapper Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
makemap Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
manctl
memcontrol Correct formatting of pointers in the listing by using "0x%" PRIx64 instead of 2005-03-29 20:17:47 +00:00
mergemaster Add a -A argument to mergemaster to allow explicitly specifying an 2006-02-04 18:24:06 +00:00
mixer - Fix possible memory leak due to repetitive strdup(3) without matching 2006-01-01 20:19:49 +00:00
mld6query
mlxcontrol
mount_nwfs
mount_portalfs Markup fixes. 2005-06-14 12:26:36 +00:00
mount_smbfs Convert mount_smbfs to use nmount(). 2005-11-16 02:47:12 +00:00
mountd Use ".Pa" for path names. 2006-01-29 08:44:05 +00:00
moused Replace the guts of usbmodule() with calls to the new kld(3) functions. 2006-02-18 11:26:36 +00:00
mptable
mrouted Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
mtest
mtree If we fail in chown(2), try to just change the group and continue on to 2005-08-11 15:43:55 +00:00
named Disable thread support in BIND. It appears to reduce performance rather 2005-07-25 14:44:11 +00:00
named-checkconf Disable thread support in BIND. It appears to reduce performance rather 2005-07-25 14:44:11 +00:00
named-checkzone Disable thread support in BIND. It appears to reduce performance rather 2005-07-25 14:44:11 +00:00
named.reload
ndiscvt Clean up and apply the fix for PR 83477. The calculation for locating 2005-10-26 18:46:27 +00:00
ndp -mdoc sweep. 2005-11-18 10:56:28 +00:00
newsyslog Improve error-handling related to the fork() done to compress files after 2006-01-20 05:18:01 +00:00
nfsd Previous revision was broken on SPARC, fix it by using more appropriate type. 2005-12-21 10:12:05 +00:00
ngctl
nghook
nologin
ntp Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
ofwdump
pccard Remove now redundant NO_SHARED. 2005-10-17 15:28:25 +00:00
pciconf Use larger buffers to read lines from the vendor list. 2005-08-18 11:11:40 +00:00
pcvt Remove the vttest program. It lives in ports/sysutils/vttest now. 2005-07-21 16:40:40 +00:00
periodic
pkg_install Add INDEX-7 and remove trailing spaces. 2006-04-17 11:15:29 +00:00
pmccontrol Fix pmccontrol(8) on Intel Xeon's running in 64 bit mode. 2006-02-27 14:25:32 +00:00
pmcstat When printing a map, print the number of samples recorded by each gmon.out file. 2006-04-05 15:12:25 +00:00
pnpinfo
portsnap Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
powerd Back out revs 1.18 and 1.19; they were based on incorrect assumptions. 2006-02-19 00:40:28 +00:00
ppp Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
pppctl
pppd Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
pppstats Remove libz and pppd redundancy 2005-06-03 15:25:13 +00:00
praliases Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
praudit Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
procctl
pstat Print (total - used) as the amount of available swap for a swap device 2005-11-17 19:31:52 +00:00
pw Change /home symbolic link, so it will point to usr/home instead of /usr/home. 2005-07-31 08:25:53 +00:00
pwd_mkdb Correctly handle an input file without a newline on the last line (and 2005-06-15 10:13:04 +00:00
quot The quot command expected all inodes contents to be valid, however 2006-02-25 23:50:15 +00:00
quotaon
rarpd
raycontrol
repquota
rip6query NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines 2005-05-13 16:31:11 +00:00
rmt Remove rexecd(8), a server that implements a particularly insecure 2005-06-10 20:52:36 +00:00
rndc Disable thread support in BIND. It appears to reduce performance rather 2005-07-25 14:44:11 +00:00
rndc-confgen Disable thread support in BIND. It appears to reduce performance rather 2005-07-25 14:44:11 +00:00
route6d
rpc.lockd When a user is in more than 16 groups the call to authunix_create() will 2005-11-17 12:19:19 +00:00
rpc.statd
rpc.umntall Use clnt_create_timed() instead of clnt_create(). The former has an 2005-05-27 00:05:16 +00:00
rpc.yppasswdd Use socklen_t in place of socket operations, instead of int 2005-05-02 14:02:43 +00:00
rpc.ypupdated
rpc.ypxfrd
rpcbind Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
rrenumd
rtadvd avoid heap overrun 2006-03-23 14:39:38 +00:00
rtprio
rtsold fixed a potential memory leak 2006-03-24 23:59:51 +00:00
rwhod - Avoid a memory leak if realloc(3) fails by using reallocf(3) 2005-06-03 17:38:33 +00:00
sa
sade Fix minimal installation check. 'X' was not displayed when it was selected. 2006-04-14 18:18:43 +00:00
sendmail Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
setfmac
setpmac
sicontrol
sliplogin Remove an unused variable and a useless getuid() declaration. 2005-04-09 15:00:51 +00:00
slstat Correct xref to systat(1) which was misspelled as ststat(1) in 1.5. 2005-11-29 16:33:44 +00:00
smbmsg
snapinfo Fix version number when the feature was added. 2006-03-23 07:55:33 +00:00
spkrtest
spray
sysinstall Fix copy-and-pasto in comment. 2006-04-14 18:34:57 +00:00
syslogd Add the ability to log to an arbitrary udp port as well as the 2006-04-17 20:12:35 +00:00
tcpdchk Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
tcpdmatch Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
tcpdrop - Remove MLINKS to nonexistent manpages 2005-07-14 20:29:08 +00:00
tcpdump Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
timed
traceroute
traceroute6 - Fix: documentation for -m option was inserted halfway thru the text of -l 2006-01-10 16:03:37 +00:00
trpt
tzsetup
ugidfw Add some new options to mac_bsdextended. We can now match on: 2006-04-23 17:06:18 +00:00
usbdevs
vidcontrol Fix so that color changes are not lost when the video mode changes. 2005-09-17 12:52:04 +00:00
vipw s/insure/ensure/ in previous commit. My dictionary and m-w.com say they 2005-10-28 22:47:40 +00:00
vnconfig Style: NO_MAN doesn't need any value. 2006-03-15 10:46:38 +00:00
watch Close the tty file descriptor once we're done with it. 2005-09-21 14:30:14 +00:00
watchdogd Fix usage(). 2006-03-06 07:42:52 +00:00
wicontrol Spell powersavesleep correctly. 2005-08-22 09:59:13 +00:00
wlandebug Style: NO_MAN doesn't need any value. 2006-03-15 10:46:38 +00:00
wlconfig
wpa add debug msg 2006-04-20 05:03:21 +00:00
yp_mkdb
ypbind
yppoll
yppush (handler): When exiting upon an abnormal signal, yppush_exit() should not 2005-04-12 15:02:57 +00:00
ypserv - Let make(1) track dependencies and regen netid map when needed. 2006-04-13 13:03:35 +00:00
ypset
zic
zzz
Makefile libc_r is no longer provided, and on alpha and sparc64, libthr 2006-04-12 19:52:34 +00:00
Makefile.inc