1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-28 11:57:28 +00:00
Commit Graph

17 Commits

Author SHA1 Message Date
Robert Watson
a8879d0d7d In ugidfw(8), print the rule number and rule contents (as parsed and then
regenerated in libugidfw) rather than simply printing that the rule was
added with only the number.  This makes ugidfw(8) behave a bit more like
ipfw(8), and also means that the administrator sees how the rule was
interpreted once uids/gids/etc were processed.

Obtained from:	TrustedBSD Project
2008-12-24 22:40:13 +00:00
David Malone
89ddbd45e5 Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
Tai-hwa Liang
c649c6900b Fixing an off-by-one error which results in 'ugidfw list' to complain about
"Data error in security.mac.bsdextended.rules.N: Unknown error: 0."

Reviewed by:	rwatson
MFC after:	3 days
2005-07-21 13:23:23 +00:00
Philippe Charnier
e05179a4c3 Add prototypes and remove unused variables for WARNS=6 compliance. Add
'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error
messages to get progname prepended.
2005-01-16 10:49:48 +00:00
Tom Rhodes
a3fe8ea3ed Wording nit. 2005-01-10 00:35:54 +00:00
Robert Watson
9dc981da8d Remove unnecessary include of vnode.h.
Requested by:	phk
2004-10-21 11:22:07 +00:00
Ruslan Ermilov
07bfccd71e Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
Robert Watson
ae5fbd9b53 Add an 'add' command to ugidfw(8), which permits specifying a new
rule without explicitly specifying a new rule number.

Update copyrights, remove license clause three.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:59:56 +00:00
David E. O'Brien
052238b16c style.Makefile(5) 2003-04-04 17:49:21 +00:00
Ruslan Ermilov
ee8e7f9d42 mdoc(7) police: markup overhaul.
Approved by:	re
2002-12-12 14:09:25 +00:00
Chris Costello
0540c0eb2a Stick .Os between .Dd and .Dt 2002-10-20 19:45:39 +00:00
Chris Costello
e5900bcbeb Cosmetic line-wrapping change that has the side-effect of not producing
the (incorrectly-spaced) output "... Network Associates Inc.  under ..."
2002-10-18 05:31:39 +00:00
Chris Costello
c5ad2cad9e Remove a superfluous line containing only `.' 2002-10-18 05:29:39 +00:00
Chris Costello
6dde49132e Activate ugidfw.8 man page.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-17 22:43:11 +00:00
Chris Costello
fb8085a281 Add a man page for ugidfw(8).
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-17 01:54:37 +00:00
Robert Watson
4fd65a06f9 Add a libnames entry for libugidfw.
Add a DPADD line for ${LIBUGIDFW} for ugidfw.

Submitted by:	ru
2002-08-02 13:37:57 +00:00
Robert Watson
34d26f04c3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended.  Similar to ipfw, only for uids/gids and files.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:14:22 +00:00