| 272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| 256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| 210641 |
30-Jul-2010 |
uqs |
Fix a couple of typos.
PR: docs/148891
Submitted by: olgeni
MFC after: 1 week
|
| 186480 |
24-Dec-2008 |
rwatson |
In ugidfw(8), print the rule number and rule contents (as parsed and then
regenerated in libugidfw) rather than simply printing that the rule was
added with only the number. This makes ugidfw(8) behave a bit more like
ipfw(8), and also means that the administrator sees how the rule was
interpreted once uids/gids/etc were processed.
Obtained from: TrustedBSD Project
|
| 157986 |
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
|
| 148240 |
21-Jul-2005 |
avatar |
Fixing an off-by-one error which results in 'ugidfw list' to complain about
"Data error in security.mac.bsdextended.rules.N: Unknown error: 0."
Reviewed by: rwatson
MFC after: 3 days
|
| 140343 |
16-Jan-2005 |
charnier |
Add prototypes and remove unused variables for WARNS=6 compliance. Add
'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error
messages to get progname prepended.
|
| 139951 |
10-Jan-2005 |
trhodes |
Wording nit.
|
| 136741 |
21-Oct-2004 |
rwatson |
Remove unnecessary include of vnode.h.
Requested by: phk
|
| 131500 |
02-Jul-2004 |
ru |
Mechanically kill hard sentence breaks.
|
| 126218 |
25-Feb-2004 |
rwatson |
Add an 'add' command to ugidfw(8), which permits specifying a new
rule without explicitly specifying a new rule number.
Update copyrights, remove license clause three.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| 113091 |
04-Apr-2003 |
obrien |
style.Makefile(5)
|
| 107778 |
12-Dec-2002 |
ru |
mdoc(7) police: markup overhaul.
Approved by: re
|
| 105547 |
20-Oct-2002 |
chris |
Stick .Os between .Dd and .Dt
|
| 105381 |
18-Oct-2002 |
chris |
Cosmetic line-wrapping change that has the side-effect of not producing
the (incorrectly-spaced) output "... Network Associates Inc. under ..."
|
| 105380 |
18-Oct-2002 |
chris |
Remove a superfluous line containing only `.'
|
| 105361 |
17-Oct-2002 |
chris |
Activate ugidfw.8 man page.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|
| 105303 |
17-Oct-2002 |
chris |
Add a man page for ugidfw(8).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|
| 101224 |
02-Aug-2002 |
rwatson |
Add a libnames entry for libugidfw.
Add a DPADD line for ${LIBUGIDFW} for ugidfw.
Submitted by: ru
|
| 101209 |
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended. Similar to ipfw, only for uids/gids and files.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|