| #
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
| #
186480 |
|
24-Dec-2008 |
rwatson |
In ugidfw(8), print the rule number and rule contents (as parsed and then
regenerated in libugidfw) rather than simply printing that the rule was
added with only the number. This makes ugidfw(8) behave a bit more like
ipfw(8), and also means that the administrator sees how the rule was
interpreted once uids/gids/etc were processed.
Obtained from: TrustedBSD Project
|
| #
157986 |
|
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
|
| #
148240 |
|
21-Jul-2005 |
avatar |
Fixing an off-by-one error which results in 'ugidfw list' to complain about
"Data error in security.mac.bsdextended.rules.N: Unknown error: 0."
Reviewed by: rwatson
MFC after: 3 days
|
| #
140343 |
|
16-Jan-2005 |
charnier |
Add prototypes and remove unused variables for WARNS=6 compliance. Add
'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error
messages to get progname prepended.
|
| #
136741 |
|
21-Oct-2004 |
rwatson |
Remove unnecessary include of vnode.h.
Requested by: phk
|
| #
126218 |
|
25-Feb-2004 |
rwatson |
Add an 'add' command to ugidfw(8), which permits specifying a new
rule without explicitly specifying a new rule number.
Update copyrights, remove license clause three.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| #
101209 |
|
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended. Similar to ipfw, only for uids/gids and files.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|