186480 |
24-Dec-2008 |
rwatson |
In ugidfw(8), print the rule number and rule contents (as parsed and then regenerated in libugidfw) rather than simply printing that the rule was added with only the number. This makes ugidfw(8) behave a bit more like ipfw(8), and also means that the administrator sees how the rule was interpreted once uids/gids/etc were processed.
Obtained from: TrustedBSD Project
|
157986 |
23-Apr-2006 |
dwmalone |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect.
Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
|
126218 |
25-Feb-2004 |
rwatson |
Add an 'add' command to ugidfw(8), which permits specifying a new rule without explicitly specifying a new rule number.
Update copyrights, remove license clause three.
Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
|
101209 |
02-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Provide ugidfw, a utility to manage the ruleset provided by mac_bsdextended. Similar to ipfw, only for uids/gids and files.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|