298107 |
16-Apr-2016 |
gjb |
Merge the projects/release-pkg branch to head.
This allows packaging the base system with pkg(8), including but not limited to providing the ability to provide upstream binary update possibilities for non-tier-1 architectures.
This merge is a requirement of the 11.0-RELEASE, and as such, thank you to everyone that has tested the project branch.
Documentation in build(7) etc. is still somewhat sparse, but updates to those parts will follow.
Sponsored by: The FreeBSD Foundation
|
157986 |
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect.
Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
|
145140 |
16-Apr-2005 |
rwatson |
When parsing the second {uid,gid} in an identity phrase for ugidfw, check the password or group database before attempting to parse as an integer, as is done for the first {uid,gid} in an identity phrase.
Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA
|
126217 |
25-Feb-2004 |
rwatson |
Add bsde_add_rule(), which is similar to bsde_set_rule() except that the caller does not specify the rule number -- instead, the kernel module is probed for the next available rule, which is then used.
Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
|
101206 |
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Provide a library to manage user file system firewall-like rules supported by the mac_bsdextended.ko security model. The kernel module exports the current rule set using sysctl, and this library provides a front end that includes support for retrieving and setting rules, as well as printing and parsing them.
Note: as with other userland components, this is a WIP. However, when used in combination with the soon-to-be-committed ugidfw, it can actually be quite useful in multi-user environments to allow the administrator to limit inter-user file operations without resorting to heavier weight labeled security policies.
Obtained form: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|