#
307715 |
|
21-Oct-2016 |
ngie |
MFC r305916,r305918:
r305916:
Make sure $TMPDIR is created with 0755 permissions
This is required to ensure that the temporary script can be executed, as the default mode is apparently too restrictive
r305918:
Only chmod $TMPDIR if it's not /tmp
This is a safety belt to ensure that the /tmp sticky bit stuff doesn't get whacked by accident if someone runs the script outright
|
#
157986 |
|
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect.
Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
|