mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00
freebsd/sys/conf
Robert Watson 03d031626d A cute yet small MAC policy that provides a simple ACL mechanism to
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh.  The policy is twiddled using
sysctl(8).  To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired.  This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack.  It appears to work properly in my local configuration,
but needs more broad testing.

A sample policy might be:

  # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"

This permits uid 425 to bind TCP sockets to ports 79 and 80.  Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-03-02 23:01:42 +00:00
defines
files A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
files.alpha Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
files.amd64 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
files.i386 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
files.ia64 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
files.pc98 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
files.powerpc Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
files.sparc64 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
kern.mk Sync with bsd.kern.mk. 2003-02-28 06:49:59 +00:00
kern.post.mk Abuse `cleandir' for what `clobber' was supposed to do, for peter. 2003-03-02 21:25:00 +00:00
kern.pre.mk Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
kmod_syms.awk Our awk does not implement the ARGIND variable, so we were attempting 2002-08-06 19:31:04 +00:00
kmod.mk Initiate the de-orbit burn sequence for <bsd.kern.mk>. 2003-02-28 22:12:17 +00:00
ldscript.alpha Use the new freebsd output format from Binutils 2.13.1. 2002-10-11 19:38:04 +00:00
ldscript.amd64 Add two symbols start_ctors and stop_ctors to allow us to find the 2003-01-06 07:37:15 +00:00
ldscript.i386 Add two symbols start_ctors and stop_ctors to allow us to find the 2003-01-06 07:37:15 +00:00
ldscript.ia64 Back out rev 1.7 -- I'm not sure we're ready for it and I can't test it. 2002-12-05 18:35:44 +00:00
ldscript.powerpc
ldscript.sparc64
majors GC the major number for the network entries. 2003-02-28 19:56:10 +00:00
majors.awk Add necessary awk magic to create a table of major numbers allocated 2003-02-27 08:52:11 +00:00
Makefile.alpha Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
Makefile.amd64 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
Makefile.i386 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
Makefile.ia64 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
Makefile.pc98 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
Makefile.powerpc Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
Makefile.sparc64 Standardize handling of locore.[sS] etc. files. 2003-02-28 21:59:14 +00:00
makeLINT.mk Implemented "nooption" and "nomakeoption" config(8) tokens. 2003-02-26 23:36:59 +00:00
makeLINT.sed Implemented "nooption" and "nomakeoption" config(8) tokens. 2003-02-26 23:36:59 +00:00
newvers.sh HEAD reverts to 5.0-CURRENT 2002-12-13 08:47:15 +00:00
NOTES A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
options A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
options.alpha Move SHOW_BUSYBUFS and PANIC_REBOOT_WAIT_TIME into the MI options file, since 2002-11-18 06:17:07 +00:00
options.amd64 Move SHOW_BUSYBUFS and PANIC_REBOOT_WAIT_TIME into the MI options file, since 2002-11-18 06:17:07 +00:00
options.i386 Add machdep.elan_freq sysctl which can be used to set the CPU clock 2003-01-15 20:15:33 +00:00
options.ia64 Add ITANIUM2 as a global option. 2002-11-24 19:50:15 +00:00
options.pc98 Remove unneeded entries. 2003-01-18 08:29:10 +00:00
options.powerpc Not all cpus are MPC750s. Replace the MPC750 cpu option with OEA. This 2003-02-05 11:37:59 +00:00
options.sparc64 Move SHOW_BUSYBUFS and PANIC_REBOOT_WAIT_TIME into the MI options file, since 2002-11-18 06:17:07 +00:00
systags.sh