| #
336040 |
|
06-Jul-2018 |
jamie |
MFC r335921:
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
with names.
PR: 229266
Differential Revision: D16047
|
| #
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit
message was thus wrong. In addition it broke arm, and merged crypto
related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since
MFCed. This revert also skips files that require $FreeBSD$ property
changes.
Thank you to those who helped me get out of this mess including but not
limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
| #
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult
to determine what other changes can/should be merged.
No objections from: pfg
|
| #
325461 |
|
05-Nov-2017 |
ngie |
MFC r324928,r324929:
r324928:
Remove dead stores
The return value of various snprintf calls was stored in `len` and not used
in many functions.
r324929:
Clean up trailing whitespace
|
| #
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
| #
288389 |
|
29-Sep-2015 |
bdrewery |
Fix 'ugidfw remove' after r284251 incorrectly changed it.
The sysctl_rule() node removes entries when given a newptr and newlen == 0.
|
| #
284745 |
|
24-Jun-2015 |
araujo |
Set some internal helpers as static and initialize few variables to silence
CLANG WARNINGS.
BUMP SHLIB_MAJOR version as the ABI potentially changed.
Also run an 'exp run' to double check if any external project are using
those functions. Thanks antoine@.
PR: 200807
Differential Revision: D2775
Reviewed by: kib, ngie
|
| #
284251 |
|
10-Jun-2015 |
araujo |
Remove unnecessary variable and fix the usage of sysctl(3).
Differential Revision: D2733
Reviewed by: ngie, kib
|
| #
283974 |
|
04-Jun-2015 |
araujo |
Remove unused variables and silence clang warnings.
Differential Revision: D2686
Reviewed by: rodrigc
|
| #
216953 |
|
04-Jan-2011 |
emaste |
Quiet clang warnings by using string literal format strings.
|
| #
201321 |
|
30-Dec-2009 |
ed |
Remove an unused variable.
|
| #
157986 |
|
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
|
| #
145432 |
|
23-Apr-2005 |
trhodes |
Fix two typos in comments.
|
| #
145140 |
|
16-Apr-2005 |
rwatson |
When parsing the second {uid,gid} in an identity phrase for ugidfw,
check the password or group database before attempting to parse as an
integer, as is done for the first {uid,gid} in an identity phrase.
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
|
| #
144210 |
|
28-Mar-2005 |
pjd |
Properly return rule number.
Submitted by: Wojciech A. Koszek
PR: bin/79292
MFC after: 1 week
|
| #
136740 |
|
21-Oct-2004 |
rwatson |
Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.h
instead of using the V* permission flags from vnode.h. Remove include
of vnode.h.
Requested by: phk
|
| #
126835 |
|
11-Mar-2004 |
bde |
Fixed misspellings of 0 as NULL.
|
| #
126217 |
|
25-Feb-2004 |
rwatson |
Add bsde_add_rule(), which is similar to bsde_set_rule() except that
the caller does not specify the rule number -- instead, the kernel
module is probed for the next available rule, which is then used.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| #
106573 |
|
07-Nov-2002 |
rwatson |
License and blurb update authorized by Network Associates.
|
| #
104038 |
|
27-Sep-2002 |
rwatson |
Use size_t instead of int for len variables passed in/out of sysctl.
Pointed out by: jake
|
| #
101885 |
|
14-Aug-2002 |
rwatson |
Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.
Suggested by: mike
|
| #
101206 |
|
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Provide a library to manage user file system firewall-like rules
supported by the mac_bsdextended.ko security model. The kernel
module exports the current rule set using sysctl, and this
library provides a front end that includes support for retrieving
and setting rules, as well as printing and parsing them.
Note: as with other userland components, this is a WIP. However,
when used in combination with the soon-to-be-committed ugidfw,
it can actually be quite useful in multi-user environments to
allow the administrator to limit inter-user file operations without
resorting to heavier weight labeled security policies.
Obtained form: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|