| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
|
|
|
|
|
|
|
| |
<security/mac_bsdextended/mac_bsdextended.h> in order to include
<ugidfw.h>, so document that.
MFC after: 3 days
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
the caller does not specify the rule number -- instead, the kernel
module is probed for the next available rule, which is then used.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| |
|
|
|
|
| |
Submitted by: Attila Nagy <bra@fsn.hu>
|
|
Sponsored by: DARPA, Network Associates Laboratories
|