summaryrefslogtreecommitdiffstats
path: root/lib/libugidfw
Commit message (Collapse)AuthorAgeFilesLines
* First pass through library packaging.gjb2016-02-041-0/+1
| | | | Sponsored by: The FreeBSD Foundation
* META MODE: Prefer INSTALL=tools/install.sh to lessen the need for xinstall.host.bdrewery2015-11-251-1/+0
| | | | | | | | This both avoids some dependencies on xinstall.host and allows bootstrapping on older releases to work due to lack of at least 'install -l' support. Sponsored by: EMC / Isilon Storage Division
* Fix 'ugidfw remove' after r284251 incorrectly changed it.bdrewery2015-09-291-1/+1
| | | | The sysctl_rule() node removes entries when given a newptr and newlen == 0.
* Set some internal helpers as static and initialize few variables to silencearaujo2015-06-242-10/+11
| | | | | | | | | | | | CLANG WARNINGS. BUMP SHLIB_MAJOR version as the ABI potentially changed. Also run an 'exp run' to double check if any external project are using those functions. Thanks antoine@. PR: 200807 Differential Revision: D2775 Reviewed by: kib, ngie
* Add META_MODE support.sjg2015-06-131-0/+19
|\ | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp
| * dirdeps.mk now sets DEP_RELDIRsjg2015-06-081-2/+0
| |
| * Updated dependenciessjg2014-05-161-1/+1
| |
| * Updated dependenciessjg2014-05-101-0/+2
| |
| * Updated dependenciessjg2013-03-111-0/+1
| |
| * Updated dependenciessjg2013-02-161-2/+0
| |
| * Updated/new Makefile.dependsjg2012-11-081-0/+3
| |
| * Sync FreeBSD's bmake branch with Juniper's internal bmake branch.marcel2012-08-221-0/+16
| | | | | | | | Requested by: Simon Gerraty <sjg@juniper.net>
* | Remove unnecessary variable and fix the usage of sysctl(3).araujo2015-06-111-7/+5
| | | | | | | | | | Differential Revision: D2733 Reviewed by: ngie, kib
* | Remove unused variables and silence clang warnings.araujo2015-06-041-4/+2
|/ | | | | Differential Revision: D2686 Reviewed by: rodrigc
* Quiet clang warnings by using string literal format strings.emaste2011-01-041-2/+2
|
* mdoc: order prologue macros consistently by Dd/Dt/Osuqs2010-04-145-5/+5
| | | | | | | | Although groff_mdoc(7) gives another impression, this is the ordering most widely used and also required by mdocml/mandoc. Reviewed by: ru Approved by: philip, ed (mentors)
* Build lib/ with WARNS=6 by default.ed2010-01-021-0/+2
| | | | | | | | | Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and lower it when needed. I'm setting WARNS?=0 for secure/. It seems secure/ includes the Makefile.inc provided by lib/. I'm not going to touch that directory. Most of the code there is contributed anyway.
* Remove an unused variable.ed2009-12-311-1/+0
|
* Bump the version of all non-symbol-versioned shared libraries inkensmith2009-07-191-1/+1
| | | | | | | | preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version. Reviewed by: kib Approved by: re (rwatson)
* Bump library versions in preparation for 7.0.deischen2007-05-211-1/+1
| | | | Ok'd by: kan
* Add some new options to mac_bsdestended. We can now match on:dwmalone2006-04-233-180/+729
| | | | | | | | | | | | | | | | | | | | | | | subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work. These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions. Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect. Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
* Bump the shared library version number of all libraries that have notkensmith2005-07-221-1/+1
| | | | | | | been bumped since RELENG_5. Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
* Fix two typos in comments.trhodes2005-04-231-2/+2
|
* When parsing the second {uid,gid} in an identity phrase for ugidfw,rwatson2005-04-161-13/+25
| | | | | | | | check the password or group database before attempting to parse as an integer, as is done for the first {uid,gid} in an identity phrase. Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA
* In practice, you need to include <sys/types.h> andrwatson2005-04-161-0/+2
| | | | | | | <security/mac_bsdextended/mac_bsdextended.h> in order to include <ugidfw.h>, so document that. MFC after: 3 days
* Fix typo - link for bsde_add_rule(3) manual page was not created.pjd2005-03-281-1/+1
| | | | MFC after: 1 week
* Properly return rule number.pjd2005-03-281-1/+1
| | | | | | Submitted by: Wojciech A. Koszek PR: bin/79292 MFC after: 1 week
* Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.hrwatson2004-10-211-13/+12
| | | | | | | instead of using the V* permission flags from vnode.h. Remove include of vnode.h. Requested by: phk
* Mechanically kill hard sentence breaks.ru2004-07-025-5/+10
|
* Markup, grammar, punctuation.ru2004-07-012-2/+4
|
* Fixed misspellings of 0 as NULL.bde2004-03-111-3/+2
|
* Add bsde_add_rule(), which is similar to bsde_set_rule() except thatrwatson2004-02-255-4/+79
| | | | | | | | the caller does not specify the rule number -- instead, the kernel module is probed for the next available rule, which is then used. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
* Assorted mdoc(7) fixes.ru2003-06-015-74/+91
|
* Correct a couple small typos.chris2003-01-071-2/+2
| | | | Submitted by: Attila Nagy <bra@fsn.hu>
* Document the file system firewall interface library functions.chris2003-01-076-0/+515
| | | | Sponsored by: DARPA, Network Associates Laboratories
* License and blurb update authorized by Network Associates.rwatson2002-11-072-14/+8
|
* Zap now-unused SHLIB_MINORpeter2002-09-281-1/+0
|
* Use size_t instead of int for len variables passed in/out of sysctl.rwatson2002-09-272-3/+4
| | | | Pointed out by: jake
* Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.rwatson2002-08-141-1/+1
| | | | Suggested by: mike
* De-gccize CFLAGS by removing it.rwatson2002-08-021-2/+0
| | | | | | NOMAN is no longer required when a man page is not yet present. Submitted by: ru
* Introduce support for Mandatory Access Control and extensiblerwatson2002-08-023-0/+785
kernel access control. Provide a library to manage user file system firewall-like rules supported by the mac_bsdextended.ko security model. The kernel module exports the current rule set using sysctl, and this library provides a front end that includes support for retrieving and setting rules, as well as printing and parsing them. Note: as with other userland components, this is a WIP. However, when used in combination with the soon-to-be-committed ugidfw, it can actually be quite useful in multi-user environments to allow the administrator to limit inter-user file operations without resorting to heavier weight labeled security policies. Obtained form: TrustedBSD Project Sponsored by: DARPA, NAI Labs
OpenPOWER on IntegriCloud