#
336040 |
|
06-Jul-2018 |
jamie |
MFC r335921:
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8) These are the last of the jail-aware userland utilities that didn't work with names.
PR: 229266 Differential Revision: D16047
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
325461 |
|
05-Nov-2017 |
ngie |
MFC r324928,r324929:
r324928:
Remove dead stores
The return value of various snprintf calls was stored in `len` and not used in many functions.
r324929:
Clean up trailing whitespace
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
288389 |
|
29-Sep-2015 |
bdrewery |
Fix 'ugidfw remove' after r284251 incorrectly changed it.
The sysctl_rule() node removes entries when given a newptr and newlen == 0.
|
#
284745 |
|
24-Jun-2015 |
araujo |
Set some internal helpers as static and initialize few variables to silence CLANG WARNINGS. BUMP SHLIB_MAJOR version as the ABI potentially changed.
Also run an 'exp run' to double check if any external project are using those functions. Thanks antoine@.
PR: 200807 Differential Revision: D2775 Reviewed by: kib, ngie
|
#
284251 |
|
10-Jun-2015 |
araujo |
Remove unnecessary variable and fix the usage of sysctl(3).
Differential Revision: D2733 Reviewed by: ngie, kib
|
#
283974 |
|
04-Jun-2015 |
araujo |
Remove unused variables and silence clang warnings.
Differential Revision: D2686 Reviewed by: rodrigc
|
#
216953 |
|
04-Jan-2011 |
emaste |
Quiet clang warnings by using string literal format strings.
|
#
201321 |
|
30-Dec-2009 |
ed |
Remove an unused variable.
|
#
157986 |
|
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect.
Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
|
#
145432 |
|
23-Apr-2005 |
trhodes |
Fix two typos in comments.
|
#
145140 |
|
16-Apr-2005 |
rwatson |
When parsing the second {uid,gid} in an identity phrase for ugidfw, check the password or group database before attempting to parse as an integer, as is done for the first {uid,gid} in an identity phrase.
Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA
|
#
144210 |
|
28-Mar-2005 |
pjd |
Properly return rule number.
Submitted by: Wojciech A. Koszek PR: bin/79292 MFC after: 1 week
|
#
136740 |
|
21-Oct-2004 |
rwatson |
Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.h instead of using the V* permission flags from vnode.h. Remove include of vnode.h.
Requested by: phk
|
#
126835 |
|
11-Mar-2004 |
bde |
Fixed misspellings of 0 as NULL.
|
#
126217 |
|
25-Feb-2004 |
rwatson |
Add bsde_add_rule(), which is similar to bsde_set_rule() except that the caller does not specify the rule number -- instead, the kernel module is probed for the next available rule, which is then used.
Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
|
#
106573 |
|
07-Nov-2002 |
rwatson |
License and blurb update authorized by Network Associates.
|
#
104038 |
|
27-Sep-2002 |
rwatson |
Use size_t instead of int for len variables passed in/out of sysctl.
Pointed out by: jake
|
#
101885 |
|
14-Aug-2002 |
rwatson |
Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.
Suggested by: mike
|
#
101206 |
|
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Provide a library to manage user file system firewall-like rules supported by the mac_bsdextended.ko security model. The kernel module exports the current rule set using sysctl, and this library provides a front end that includes support for retrieving and setting rules, as well as printing and parsing them.
Note: as with other userland components, this is a WIP. However, when used in combination with the soon-to-be-committed ugidfw, it can actually be quite useful in multi-user environments to allow the administrator to limit inter-user file operations without resorting to heavier weight labeled security policies.
Obtained form: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|