#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
186480 |
|
24-Dec-2008 |
rwatson |
In ugidfw(8), print the rule number and rule contents (as parsed and then regenerated in libugidfw) rather than simply printing that the rule was added with only the number. This makes ugidfw(8) behave a bit more like ipfw(8), and also means that the administrator sees how the rule was interpreted once uids/gids/etc were processed.
Obtained from: TrustedBSD Project
|
#
157986 |
|
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect.
Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
|
#
148240 |
|
21-Jul-2005 |
avatar |
Fixing an off-by-one error which results in 'ugidfw list' to complain about "Data error in security.mac.bsdextended.rules.N: Unknown error: 0."
Reviewed by: rwatson MFC after: 3 days
|
#
140343 |
|
16-Jan-2005 |
charnier |
Add prototypes and remove unused variables for WARNS=6 compliance. Add 'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error messages to get progname prepended.
|
#
136741 |
|
21-Oct-2004 |
rwatson |
Remove unnecessary include of vnode.h.
Requested by: phk
|
#
126218 |
|
25-Feb-2004 |
rwatson |
Add an 'add' command to ugidfw(8), which permits specifying a new rule without explicitly specifying a new rule number.
Update copyrights, remove license clause three.
Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
|
#
101209 |
|
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Provide ugidfw, a utility to manage the ruleset provided by mac_bsdextended. Similar to ipfw, only for uids/gids and files.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|