1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00
freebsd/sys/modules
Robert Watson 03d031626d A cute yet small MAC policy that provides a simple ACL mechanism to
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh.  The policy is twiddled using
sysctl(8).  To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired.  This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack.  It appears to work properly in my local configuration,
but needs more broad testing.

A sample policy might be:

  # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"

This permits uid 425 to bind TCP sockets to ports 79 and 80.  Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-03-02 23:01:42 +00:00
..
3dfx
aac Revert the use of -g that leaked in. 2003-02-26 06:56:46 +00:00
accf_data
accf_http
acpi Add code for ACPI PCI link object manipulation. 2002-10-05 02:01:05 +00:00
agp Split the arch-specific AGP files into the appropriate files.* and do the same 2003-02-14 06:33:52 +00:00
aha
aic Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
aic7xxx Update GENSRCS and aicasm options correctly depending on whether register 2003-01-22 21:56:54 +00:00
aio
amd Move the amd(4) driver to it's own directory in preparation for it growing 2002-12-13 22:59:18 +00:00
amr (1) added LSI Logic copyright, and legal line 3 in license, and string 2002-10-18 21:29:14 +00:00
an
aout I completely fubared this. An empty EXPORT_SYMS= is not valid. I know I 2002-09-11 18:03:03 +00:00
apm Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
ar
arcnet - add support for IPX (tested with mount -t nwfs and mars_nwe), 2003-01-24 01:32:20 +00:00
asr
atspeaker Rename the speaker device for pc98 to 'pcspeaker'. 2002-10-31 05:19:33 +00:00
aue
awi
bge Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
bktr Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
bridge
cam New SCSI target emulator code 2002-11-22 22:55:51 +00:00
canbepm Add CanBe power management controller support. 2003-02-03 14:46:26 +00:00
canbus Add CanBe power management controller support. 2003-02-03 14:46:26 +00:00
cardbus
cbb Fix this pending the decision of which of the redundant 2002-08-27 15:59:19 +00:00
ccd
cd9660
ciss - Comment a line which sets CISS_DEBUG by default. 2002-10-27 12:09:51 +00:00
cm
coda
coff
crypto Module-ize the 'core' crypto stuff. This may still need to be compiled 2002-10-16 14:31:34 +00:00
cryptodev module for /dev/crypto support 2002-10-04 20:35:02 +00:00
cue
dc
de
digi
drm Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
dummynet
ed Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
el
em Don't roll our own clean target, the default one 2002-10-27 17:06:03 +00:00
ep Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
exca
ext2fs
fdc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
fdescfs
fe Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
firewire Remove unnecessary EXPORT_SYMS. 2003-02-13 13:42:19 +00:00
fpu
fxp
gem Build a gem module, for sparc64 only for now. 2003-01-08 20:40:29 +00:00
gnufpu
gx
hea
hfa Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
hifn Remove opt_pci.h from SRCS, it doesn't exist anymore. 2002-11-13 17:45:42 +00:00
hme Add an hme(4) module. 2003-01-09 16:29:03 +00:00
hpfs
i2c Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
ibcs2 add opt_mac.h to SRCS to unbreak module build. 2002-08-12 07:20:15 +00:00
idt HARP driver for the IDT77201/211 NICStAR ATM Adapter (Including Fore LE155). 2002-09-30 05:12:39 +00:00
if_disc
if_ef
if_faith
if_gif Depend on opt_mac.h. 2002-08-12 15:27:17 +00:00
if_gre Since bpf is no longer an optional component, remove associated ifdef's. 2002-10-02 09:38:17 +00:00
if_ppp Make ppp(4) devices clonable and unloadable. 2002-08-09 15:30:48 +00:00
if_sl
if_stf Add opt_mac.h to dependencies for if_stf.c module. 2002-10-20 22:57:22 +00:00
if_tap
if_tun The ppp and tunnel modules now rely on opt_mac.h. Missed in a previous 2002-07-31 20:19:28 +00:00
if_vlan
iir
ip6fw
ip_mroute_mod Hook up opt_mac.h to the build dependencies. The way we currently 2002-10-20 22:59:17 +00:00
ipfilter
ipfw bring Makefile up to date with new ipfw 2002-06-28 08:10:07 +00:00
isp Add an isp(4) module. sbus support is only compiled in on sparc64. 2002-10-31 19:50:18 +00:00
ispfw
joy
kue
lge
libiconv
libmchain libmchain no longer exports m_fixhdr(); remove it from EXPORT_SYMS. 2002-12-14 00:01:51 +00:00
linprocfs
linux Add IPv6 support for Linuxlator. 2003-02-03 17:43:20 +00:00
lnc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
lpt
mac_biba opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_bsdextended Introduce support for Mandatory Access Control and extensible 2002-08-01 17:41:27 +00:00
mac_ifoff opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_lomac Hook up the mac_lomac module build. 2002-11-26 17:35:44 +00:00
mac_mls opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_none opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_partition Commit of Makefile missed in earlier pass. 2002-10-24 02:04:03 +00:00
mac_portacl A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
mac_seeotheruids Introduce support for Mandatory Access Control and extensible 2002-08-01 17:41:27 +00:00
mac_stub opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mac_test opt_mac.h is no longer required for any of these modules, remove from 2002-10-22 17:10:15 +00:00
mcd newbus & bus_space the mcd(4) driver. 2002-10-04 07:14:19 +00:00
md Add opt_geom.h to the list. 2003-01-13 08:31:41 +00:00
mii Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
mlx
mly
mpt Add a module for mpt(4). 2002-10-31 19:39:23 +00:00
msdosfs Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
my
ncp
ncv
netgraph Take the rc4 code out of ng_mppc module so we don't fail to load when 2003-02-05 19:11:11 +00:00
nfsclient Moved nfs_diskless setup code from autoconf.c to nfsclient/nfs_diskless.c 2002-09-22 00:59:02 +00:00
nfsserver Permit MAC policies to instrument the access control decisions for 2002-11-04 15:13:36 +00:00
nge
nmdm
nsp
ntfs
null This is not going to win prizes for the most useful module ever, 2003-02-27 18:08:44 +00:00
nullfs
nwfs
oldcard Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
oltr Initiate deorbit burn for the i386-only a.out related support. Moves are 2002-09-17 01:49:00 +00:00
osf1 Remove support for running in SimOS. The support has rotted over 2003-02-25 00:42:40 +00:00
pccard
pcfclock
pcic
pcn
pcspeaker Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
pecoff opt_kstack_pages.h is not needed anymore. It would have been a Bad Thing 2002-09-08 02:59:38 +00:00
plip
pmc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00
portalfs
ppbus
ppi
pps
procfs Slightly change the semantics of vnode labels for MAC: rather than 2002-10-26 14:38:24 +00:00
pseudofs Introduce support for Mandatory Access Control and extensible 2002-08-01 01:33:12 +00:00
raidframe After much delay and anticipation, welcome RAIDFrame into the FreeBSD 2002-10-20 08:17:39 +00:00
random Upgrade the random device to use a "real" hash instead of building 2002-07-15 13:58:35 +00:00
ray
rc - New-bussify the rc(4) device driver. 2002-10-23 15:53:09 +00:00
rc4 make rc4 crypto support a module so other modules can depend on it 2003-01-15 19:55:17 +00:00
rl
rp
s3
sbni
scd - Convert to newbus, bus_space etc. 2002-11-05 09:37:32 +00:00
scsi_low
sem Add the rest of the kernel support for the sem_ API in kern/uipc_sem.c. 2002-09-19 00:43:32 +00:00
sf
sis
sk
smapi A driver for the System Management Application Program 2003-01-17 08:10:18 +00:00
smbfs
sn
snc
snp
sound pci_if.h is not needed. 2003-02-07 15:05:37 +00:00
splash Warning fixes. 2002-11-11 10:28:44 +00:00
sppp
sr
ste
stg
streams
svr4 Add opt_mac.h to dependencies for svr4 module, since I'm about to 2002-08-12 01:36:20 +00:00
sym
syscons Don't override CWARNFLAGS in these Makefiles. 2002-11-11 10:11:59 +00:00
sysvipc Include "../Makefile.inc". 2002-11-06 13:41:40 +00:00
ti At long last, commit the zero copy sockets code. 2002-06-26 03:37:47 +00:00
tl
trm Connect trm(4) to the build. 2002-10-13 18:44:26 +00:00
twe
tx Remove miidevs.h and generate it from miidevs at compile time. 2003-01-19 02:59:34 +00:00
txp
ubsa Allow ubsa(4) driver to be build as a kernel module. 2002-10-10 05:03:09 +00:00
ubsec Remove opt_pci.h from SRCS, it doesn't exist anymore. 2002-11-13 17:45:42 +00:00
ucom
udbp
udf
ufm
ufs Add a makefile for building UFS as a module. Since it is of marginal 2002-06-30 02:23:12 +00:00
uftdi Add the uftdi ucom driver which supports the following adapters: 2002-08-11 23:32:33 +00:00
ugen
uhid
ukbd
ulpt
umapfs
umass
umodem
ums
unionfs
uplcom
urio
usb
uscanner
uvisor Commit a version of the uvisor driver for connecting Handspring 2002-07-30 17:44:28 +00:00
uvscom
vesa
vinum Remove gcc-specific optimization/debugging CFLAGS 2002-10-24 03:56:16 +00:00
vpo
vr
vx
wb
wi remove wi-specific host ap code; the wi driver now depends on the 2003-01-15 20:13:30 +00:00
wlan add module for 802.11 link layer code 2003-01-15 20:05:52 +00:00
xe
xl
Makefile A cute yet small MAC policy that provides a simple ACL mechanism to 2003-03-02 23:01:42 +00:00
Makefile.inc Move adding -DPC98 to CFLAGS from each modules to sys/modules/Makefile.inc. 2002-11-06 13:47:00 +00:00