path: root/lib/libugidfw/ugidfw.c
Commit message | Author | Age | Files | Lines
* Remove an unused variable. | ed | 2009-12-31 | 1 | -1/+0
* Add some new options to mac_bsdextended. We can now match on: | dwmalone | 2006-04-23 | 1 | -167/+729

    subject: ranges of uid, ranges of gid, jail id
    objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type

  We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.

  These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.

  Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the module seems to do what we expect.

  Suggestions from: rwatson, trhodes
  Reviewed by: trhodes
  MFC after: 2 months
* Fix two typos in comments. | trhodes | 2005-04-23 | 1 | -2/+2
* When parsing the second {uid,gid} in an identity phrase for ugidfw, | rwatson | 2005-04-16 | 1 | -13/+25
  check the password or group database before attempting to parse as an integer, as is done for the first {uid,gid} in an identity phrase.

  Obtained from: TrustedBSD Project
  Sponsored by: SPAWAR, SPARTA
* Properly return rule number. | pjd | 2005-03-28 | 1 | -1/+1

  Submitted by: Wojciech A. Koszek
  PR: bin/79292
  MFC after: 1 week
* Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.h | rwatson | 2004-10-21 | 1 | -13/+12
  instead of using the V* permission flags from vnode.h. Remove include of vnode.h.

  Requested by: phk
* Fixed misspellings of 0 as NULL. | bde | 2004-03-11 | 1 | -3/+2
* Add bsde_add_rule(), which is similar to bsde_set_rule() except that | rwatson | 2004-02-25 | 1 | -1/+42
  the caller does not specify the rule number -- instead, the kernel module is probed for the next available rule, which is then used.

  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, McAfee Research
* License and blurb update authorized by Network Associates. | rwatson | 2002-11-07 | 1 | -7/+4
* Use size_t instead of int for len variables passed in/out of sysctl. | rwatson | 2002-09-27 | 1 | -2/+3

  Pointed out by: jake
* Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it. | rwatson | 2002-08-14 | 1 | -1/+1

  Suggested by: mike
* Introduce support for Mandatory Access Control and extensible | rwatson | 2002-08-02 | 1 | -0/+712
  kernel access control.

  Provide a library to manage user file system firewall-like rules supported by the mac_bsdextended.ko security model. The kernel module exports the current rule set using sysctl, and this library provides a front end that includes support for retrieving and setting rules, as well as printing and parsing them.

  Note: as with other userland components, this is a WIP. However, when used in combination with the soon-to-be-committed ugidfw, it can actually be quite useful in multi-user environments to allow the administrator to limit inter-user file operations without resorting to heavier weight labeled security policies.

  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, NAI Labs