#
293246 |
|
06-Jan-2016 |
ngie |
MFC r292530,r292546:
r292530:
- Use 1 for an exit code instead of -1 with err, errx, and exit - Add unistd.h for getuid(3) - Sort #includes
r292546:
- Convert testcase to TAP format - Use nitems(x) instead of handrolled sizeof(x) / sizeof(*x) macro - Do not mark count != 0 case with bsde_get_rule_count as a failure; this generates false positives on systems with ugidfw rules set on it
|
#
157986 |
|
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect.
Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
|