diff options
| author | dwmalone <dwmalone@FreeBSD.org> | 2006-04-23 17:06:18 +0000 |
|---|---|---|
| committer | dwmalone <dwmalone@FreeBSD.org> | 2006-04-23 17:06:18 +0000 |
| commit | b6a29644300546ce70b02879a2c08ac130791d36 (patch) | |
| tree | 27f43660d8de323a7adc792ac8d26a820c3b6015 /sys/kern | |
| parent | f795ce96032ed06ead12a69167377795ea4364ee (diff) | |
| download | FreeBSD-src-b6a29644300546ce70b02879a2c08ac130791d36.zip FreeBSD-src-b6a29644300546ce70b02879a2c08ac130791d36.tar.gz | |
Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
Diffstat (limited to 'sys/kern')
0 files changed, 0 insertions, 0 deletions
