259065 |
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
216953 |
04-Jan-2011 |
emaste |
Quiet clang warnings by using string literal format strings.
|
206622 |
14-Apr-2010 |
uqs |
mdoc: order prologue macros consistently by Dd/Dt/Os
Although groff_mdoc(7) gives another impression, this is the ordering most widely used and also required by mdocml/mandoc.
Reviewed by: ru Approved by: philip, ed (mentors)
|
201381 |
02-Jan-2010 |
ed |
Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and lower it when needed.
I'm setting WARNS?=0 for secure/. It seems secure/ includes the Makefile.inc provided by lib/. I'm not going to touch that directory. Most of the code there is contributed anyway.
|
201321 |
31-Dec-2009 |
ed |
Remove an unused variable.
|
195767 |
19-Jul-2009 |
kensmith |
Bump the version of all non-symbol-versioned shared libraries in preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib Approved by: re (rwatson)
|
169807 |
21-May-2007 |
deischen |
Bump library versions in preparation for 7.0.
Ok'd by: kan
|
157986 |
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect.
Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
|
148297 |
22-Jul-2005 |
kensmith |
Bump the shared library version number of all libraries that have not been bumped since RELENG_5.
Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
|
145432 |
23-Apr-2005 |
trhodes |
Fix two typos in comments.
|
145140 |
16-Apr-2005 |
rwatson |
When parsing the second {uid,gid} in an identity phrase for ugidfw, check the password or group database before attempting to parse as an integer, as is done for the first {uid,gid} in an identity phrase.
Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA
|
145139 |
16-Apr-2005 |
rwatson |
In practice, you need to include <sys/types.h> and <security/mac_bsdextended/mac_bsdextended.h> in order to include <ugidfw.h>, so document that.
MFC after: 3 days
|
144212 |
28-Mar-2005 |
pjd |
Fix typo - link for bsde_add_rule(3) manual page was not created.
MFC after: 1 week
|
144210 |
28-Mar-2005 |
pjd |
Properly return rule number.
Submitted by: Wojciech A. Koszek PR: bin/79292 MFC after: 1 week
|
136740 |
21-Oct-2004 |
rwatson |
Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.h instead of using the V* permission flags from vnode.h. Remove include of vnode.h.
Requested by: phk
|
131504 |
02-Jul-2004 |
ru |
Mechanically kill hard sentence breaks.
|
131421 |
01-Jul-2004 |
ru |
Markup, grammar, punctuation.
|
126835 |
11-Mar-2004 |
bde |
Fixed misspellings of 0 as NULL.
|
126217 |
25-Feb-2004 |
rwatson |
Add bsde_add_rule(), which is similar to bsde_set_rule() except that the caller does not specify the rule number -- instead, the kernel module is probed for the next available rule, which is then used.
Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
|
115633 |
01-Jun-2003 |
ru |
Assorted mdoc(7) fixes.
|
108878 |
07-Jan-2003 |
chris |
Correct a couple small typos.
Submitted by: Attila Nagy <bra@fsn.hu>
|
108873 |
07-Jan-2003 |
chris |
Document the file system firewall interface library functions.
Sponsored by: DARPA, Network Associates Laboratories
|
106573 |
07-Nov-2002 |
rwatson |
License and blurb update authorized by Network Associates.
|
104073 |
28-Sep-2002 |
peter |
Zap now-unused SHLIB_MINOR
|
104038 |
27-Sep-2002 |
rwatson |
Use size_t instead of int for len variables passed in/out of sysctl.
Pointed out by: jake
|
101885 |
14-Aug-2002 |
rwatson |
Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.
Suggested by: mike
|
101222 |
02-Aug-2002 |
rwatson |
De-gccize CFLAGS by removing it. NOMAN is no longer required when a man page is not yet present.
Submitted by: ru
|
101206 |
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Provide a library to manage user file system firewall-like rules supported by the mac_bsdextended.ko security model. The kernel module exports the current rule set using sysctl, and this library provides a front end that includes support for retrieving and setting rules, as well as printing and parsing them.
Note: as with other userland components, this is a WIP. However, when used in combination with the soon-to-be-committed ugidfw, it can actually be quite useful in multi-user environments to allow the administrator to limit inter-user file operations without resorting to heavier weight labeled security policies.
Obtained form: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|