1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00
freebsd/sys/modules
Robert Watson 03d031626d A cute yet small MAC policy that provides a simple ACL mechanism to
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh.  The policy is twiddled using
sysctl(8).  To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired.  This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack.  It appears to work properly in my local configuration,
but needs more broad testing.

A sample policy might be:

  # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"

This permits uid 425 to bind TCP sockets to ports 79 and 80.  Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-03-02 23:01:42 +00:00
..
3dfx Remove NOMAN 2001-03-27 19:04:09 +00:00
aac Revert the use of -g that leaked in. 2003-02-26 06:56:46 +00:00
accf_data Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
accf_http Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
acpi Add code for ACPI PCI link object manipulation. 2002-10-05 02:01:05 +00:00
agp Split the arch-specific AGP files into the appropriate files.* and do the same 2003-02-14 06:33:52 +00:00
aha Remove NAHA, NAHATOT and aha_softcs and related code. It was unused 2001-02-04 16:45:39 +00:00
aic Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
aic7xxx Update GENSRCS and aicasm options correctly depending on whether register 2003-01-22 21:56:54 +00:00
aio Make AIO a loadable module. 2001-12-29 07:13:47 +00:00
amd Move the amd(4) driver to it's own directory in preparation for it growing 2002-12-13 22:59:18 +00:00
amr (1) added LSI Logic copyright, and legal line 3 in license, and string 2002-10-18 21:29:14 +00:00
an Add card_if.h to SRCS. 2001-11-15 18:59:04 +00:00
aout I completely fubared this. An empty EXPORT_SYMS= is not valid. I know I 2002-09-11 18:03:03 +00:00
apm Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
ar Move the isa parts to a separate file. 2001-04-16 13:20:39 +00:00
arcnet - add support for IPX (tested with mount -t nwfs and mars_nwe), 2003-01-24 01:32:20 +00:00
asr Make an attempt to get the asr driver to compile on Alpha by fixing some i386 2001-04-01 08:33:01 +00:00
atspeaker Rename the speaker device for pc98 to 'pcspeaker'. 2002-10-31 05:19:33 +00:00
aue Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
awi Create a module for awi. 2001-11-19 06:41:04 +00:00
bge Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
bktr Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
bridge Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
cam New SCSI target emulator code 2002-11-22 22:55:51 +00:00
canbepm Add CanBe power management controller support. 2003-02-03 14:46:26 +00:00
canbus Add CanBe power management controller support. 2003-02-03 14:46:26 +00:00
cardbus I don't think that these modules should export symbols at all. All 2002-01-11 20:14:03 +00:00
cbb Fix this pending the decision of which of the redundant 2002-08-27 15:59:19 +00:00
ccd Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
cd9660 Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ciss - Comment a line which sets CISS_DEBUG by default. 2002-10-27 12:09:51 +00:00
cm - generic Arcnet framework 2002-01-08 20:03:13 +00:00
coda Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
coff Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
crypto Module-ize the 'core' crypto stuff. This may still need to be compiled 2002-10-16 14:31:34 +00:00
cryptodev module for /dev/crypto support 2002-10-04 20:35:02 +00:00
cue Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
dc Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
de Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
digi Fix my recent breakage of some modules. 2002-02-15 15:45:34 +00:00
drm Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
dummynet Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ed Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
el Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
em Don't roll our own clean target, the default one 2002-10-27 17:06:03 +00:00
ep Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
exca Module for exca. Eventually, this will be shared between pcic and pccbb. 2002-01-29 06:53:32 +00:00
ext2fs Complete the separation of ext2fs from ufs by copying the remaining 2002-05-16 19:08:03 +00:00
fdc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
fdescfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
fe Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
firewire Remove unnecessary EXPORT_SYMS. 2003-02-13 13:42:19 +00:00
fpu Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
fxp vlan.h is obsolete, don't create it anymore. 2001-09-05 23:47:02 +00:00
gem Build a gem module, for sparc64 only for now. 2003-01-08 20:40:29 +00:00
gnufpu Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
gx Hook the gx module up to the build. 2001-10-19 02:21:16 +00:00
hea Build a 'hea_pci' driver module. 2002-06-03 09:13:53 +00:00
hfa Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
hifn Remove opt_pci.h from SRCS, it doesn't exist anymore. 2002-11-13 17:45:42 +00:00
hme Add an hme(4) module. 2003-01-09 16:29:03 +00:00
hpfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
i2c Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
ibcs2 add opt_mac.h to SRCS to unbreak module build. 2002-08-12 07:20:15 +00:00
idt HARP driver for the IDT77201/211 NICStAR ATM Adapter (Including Fore LE155). 2002-09-30 05:12:39 +00:00
if_disc Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_ef Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_faith Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_gif Depend on opt_mac.h. 2002-08-12 15:27:17 +00:00
if_gre Since bpf is no longer an optional component, remove associated ifdef's. 2002-10-02 09:38:17 +00:00
if_ppp Make ppp(4) devices clonable and unloadable. 2002-08-09 15:30:48 +00:00
if_sl Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
if_stf Add opt_mac.h to dependencies for if_stf.c module. 2002-10-20 22:57:22 +00:00
if_tap Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
if_tun The ppp and tunnel modules now rely on opt_mac.h. Missed in a previous 2002-07-31 20:19:28 +00:00
if_vlan Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
iir Add the 'iir' driver, for the Intel Integrated RAID controllers and 2002-01-20 08:51:08 +00:00
ip6fw Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ip_mroute_mod Hook up opt_mac.h to the build dependencies. The way we currently 2002-10-20 22:59:17 +00:00
ipfilter Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ipfw bring Makefile up to date with new ipfw 2002-06-28 08:10:07 +00:00
isp Add an isp(4) module. sbus support is only compiled in on sparc64. 2002-10-31 19:50:18 +00:00
ispfw Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
joy Use new location for joy, plus list its new bus front ends. 2001-12-05 09:09:48 +00:00
kue Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
lge Add device driver support for the Level 1 LXT1001 NetCellerator 2001-05-31 21:44:26 +00:00
libiconv Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
libmchain libmchain no longer exports m_fixhdr(); remove it from EXPORT_SYMS. 2002-12-14 00:01:51 +00:00
linprocfs Move the pseudofs, procfs and linprocfs modules out from the fs directory. 2002-02-04 20:16:50 +00:00
linux Add IPv6 support for Linuxlator. 2003-02-03 17:43:20 +00:00
lnc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
lpt Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
mac_biba opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_bsdextended Introduce support for Mandatory Access Control and extensible 2002-08-01 17:41:27 +00:00
mac_ifoff opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_lomac Hook up the mac_lomac module build. 2002-11-26 17:35:44 +00:00
mac_mls opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_none opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_partition Commit of Makefile missed in earlier pass. 2002-10-24 02:04:03 +00:00
mac_portacl A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
mac_seeotheruids Introduce support for Mandatory Access Control and extensible 2002-08-01 17:41:27 +00:00
mac_stub opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_test opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mcd newbus & bus_space the mcd(4) driver. 2002-10-04 07:14:19 +00:00
md Add opt_geom.h to the list. 2003-01-13 08:31:41 +00:00
mii Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
mlx Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
mly Merge with latest version of the Mylex 6+ driver. 2001-07-14 00:12:23 +00:00
mpt Add a module for mpt(4). 2002-10-31 19:39:23 +00:00
msdosfs Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
my This time get it right 2002-04-16 20:40:06 +00:00
ncp Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ncv Add module directories and makefiles for ncv, nsp, stg and scsi_low 2001-12-15 12:37:36 +00:00
netgraph Take the rc4 code out of ng_mppc module so we don't fail to load when 2003-02-05 19:11:11 +00:00
nfsclient Moved nfs_diskless setup code from autoconf.c to nfsclient/nfs_diskless.c 2002-09-22 00:59:02 +00:00
nfsserver Permit MAC policies to instrument the access control decisions for 2002-11-04 15:13:36 +00:00
nge vlan.h is obsolete, don't create it anymore. 2001-09-05 23:47:02 +00:00
nmdm Not quite working makefile to make the nmdm device as a module. 2001-02-27 16:53:59 +00:00
nsp Add module directories and makefiles for ncv, nsp, stg and scsi_low 2001-12-15 12:37:36 +00:00
ntfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
null This is not going to win prizes for the most useful module ever, 2003-02-27 18:08:44 +00:00
nullfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
nwfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
oldcard Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
oltr Initiate deorbit burn for the i386-only a.out related support. Moves are 2002-09-17 01:49:00 +00:00
osf1 Remove support for running in SimOS. The support has rotted over 2003-02-25 00:42:40 +00:00
pccard I don't think that these modules should export symbols at all. All 2002-01-11 20:14:03 +00:00
pcfclock Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
pcic I don't think that these modules should export symbols at all. All 2002-01-11 20:14:03 +00:00
pcn Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
pcspeaker Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
pecoff opt_kstack_pages.h is not needed anymore. It would have been a Bad Thing 2002-09-08 02:59:38 +00:00
plip Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
pmc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
portalfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ppbus Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ppi Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
pps Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
procfs Slightly change the semantics of vnode labels for MAC: rather than 2002-10-26 14:38:24 +00:00
pseudofs Introduce support for Mandatory Access Control and extensible 2002-08-01 01:33:12 +00:00
raidframe After much delay and anticipation, welcome RAIDFrame into the FreeBSD 2002-10-20 08:17:39 +00:00
random Upgrade the random device to use a "real" hash instead of building 2002-07-15 13:58:35 +00:00
ray Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
rc - New-bussify the rc(4) device driver. 2002-10-23 15:53:09 +00:00
rc4 make rc4 crypto support a module so other modules can depend on it 2003-01-15 19:55:17 +00:00
rl Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
rp Fix my recent breakage of some modules. 2002-02-15 15:45:34 +00:00
s3 Remove some stray traces of KMODDEPS 2001-02-04 12:35:22 +00:00
sbni Add driver for Granch SBNI12-xx ISA and PCI network adapters. 2001-11-21 22:29:35 +00:00
scd - Convert to newbus, bus_space etc. 2002-11-05 09:37:32 +00:00
scsi_low Export symbols that constitute APIs defined by these 2002-01-11 01:16:00 +00:00
sem Add the rest of the kernel support for the sem_ API in kern/uipc_sem.c. 2002-09-19 00:43:32 +00:00
sf Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
sis Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
sk Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
smapi A driver for the System Management Application Program 2003-01-17 08:10:18 +00:00
smbfs Unbreak the build of smbfs.ko. 2002-03-18 13:06:57 +00:00
sn Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
snc Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
snp Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
sound pci_if.h is not needed. 2003-02-07 15:05:37 +00:00
splash Warning fixes. 2002-11-11 10:28:44 +00:00
sppp sppp needs slcompress.c nowadays. 2002-06-17 05:40:49 +00:00
sr Zap some bad examples: 2001-02-04 08:23:14 +00:00
ste Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
stg Add module directories and makefiles for ncv, nsp, stg and scsi_low 2001-12-15 12:37:36 +00:00
streams Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
svr4 Add opt_mac.h to dependencies for svr4 module, since I'm about to 2002-08-12 01:36:20 +00:00
sym Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
syscons Don't override CWARNFLAGS in these Makefiles. 2002-11-11 10:11:59 +00:00
sysvipc Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
ti At long last, commit the zero copy sockets code. 2002-06-26 03:37:47 +00:00
tl Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
trm Connect trm(4) to the build. 2002-10-13 18:44:26 +00:00
twe Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
tx Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
txp vlan.h is obsolete, don't create it anymore. 2001-09-05 23:47:02 +00:00
ubsa Allow ubsa(4) driver to be build as a kernel module. 2002-10-10 05:03:09 +00:00
ubsec Remove opt_pci.h from SRCS, it doesn't exist anymore. 2002-11-13 17:45:42 +00:00
ucom Add a USB comm driver. 2002-03-18 18:23:42 +00:00
udbp Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
udf Nuke -g 2002-04-28 06:38:38 +00:00
ufm Support for USB fm radio. 2002-03-04 03:51:21 +00:00
ufs Add a makefile for building UFS as a module. Since it is of marginal 2002-06-30 02:23:12 +00:00
uftdi Add the uftdi ucom driver which supports the following adapters: 2002-08-11 23:32:33 +00:00
ugen Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uhid Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ukbd Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ulpt Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
umapfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
umass Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
umodem Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
ums Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
unionfs Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uplcom Add a USB comm driver. 2002-03-18 18:23:42 +00:00
urio Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
usb Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uscanner Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
uvisor Commit a version of the uvisor driver for connecting Handspring 2002-07-30 17:44:28 +00:00
uvscom Add a USB comm driver. 2002-03-18 18:23:42 +00:00
vesa Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
vinum Remove gcc-specific optimization/debugging CFLAGS 2002-10-24 03:56:16 +00:00
vpo Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11 15:49:02 +00:00
vr Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
vx Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
wb Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
wi remove wi-specific host ap code; the wi driver now depends on the 2003-01-15 20:13:30 +00:00
wlan add module for 802.11 link layer code 2003-01-15 20:05:52 +00:00
xe Add a module of xe driver. 2002-02-20 15:00:34 +00:00
xl Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
Makefile A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
Makefile.inc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00