summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ugidfw
Commit message (Collapse)AuthorAgeFilesLines
* In ugidfw(8), print the rule number and rule contents (as parsed and thenrwatson2008-12-241-2/+5
| | | | | | | | | regenerated in libugidfw) rather than simply printing that the rule was added with only the number. This makes ugidfw(8) behave a bit more like ipfw(8), and also means that the administrator sees how the rule was interpreted once uids/gids/etc were processed. Obtained from: TrustedBSD Project
* Add some new options to mac_bsdestended. We can now match on:dwmalone2006-04-232-44/+196
| | | | | | | | | | | | | | | | | | | | | | | subject: ranges of uid, ranges of gid, jail id objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid object type We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work. These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions. Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the the module seems to do what we expect. Suggestions from: rwatson, trhodes Reviewed by: trhodes MFC after: 2 months
* Fixing an off-by-one error which results in 'ugidfw list' to complain aboutavatar2005-07-211-1/+1
| | | | | | | "Data error in security.mac.bsdextended.rules.N: Unknown error: 0." Reviewed by: rwatson MFC after: 3 days
* Add prototypes and remove unused variables for WARNS=6 compliance. Addcharnier2005-01-161-25/+28
| | | | | 'usage: ' in front of usage string. Use warnx(3) instead of fprintf in error messages to get progname prepended.
* Wording nit.trhodes2005-01-101-1/+1
|
* Remove unnecessary include of vnode.h.rwatson2004-10-211-1/+0
| | | | Requested by: phk
* Mechanically kill hard sentence breaks.ru2004-07-021-2/+2
|
* Add an 'add' command to ugidfw(8), which permits specifying a newrwatson2004-02-252-10/+65
| | | | | | | | | rule without explicitly specifying a new rule number. Update copyrights, remove license clause three. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
* style.Makefile(5)obrien2003-04-041-0/+1
|
* mdoc(7) police: markup overhaul.ru2002-12-121-33/+37
| | | | Approved by: re
* Stick .Os between .Dd and .Dtchris2002-10-201-0/+1
|
* Cosmetic line-wrapping change that has the side-effect of not producingchris2002-10-181-2/+2
| | | | the (incorrectly-spaced) output "... Network Associates Inc. under ..."
* Remove a superfluous line containing only `.'chris2002-10-181-1/+0
|
* Activate ugidfw.8 man page.chris2002-10-171-1/+1
| | | | | Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Add a man page for ugidfw(8).chris2002-10-171-0/+176
| | | | | Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Add a libnames entry for libugidfw.rwatson2002-08-021-0/+1
| | | | | | Add a DPADD line for ${LIBUGIDFW} for ugidfw. Submitted by: ru
* Introduce support for Mandatory Access Control and extensiblerwatson2002-08-022-0/+190
kernel access control. Provide ugidfw, a utility to manage the ruleset provided by mac_bsdextended. Similar to ipfw, only for uids/gids and files. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
OpenPOWER on IntegriCloud