cvs commit: src/lib/libugidfw libugidfw.3 ugidfw.c ugidfw.h
src/sys/security/mac_bsdextended mac_bsdextended.c mac_bsdextended.h
src/tools/regression/mac/mac_bsdextended test_matches.sh test_ugidfw.c
src/usr.sbin/ugidfw ugidfw.8 ugidfw.c
David Malone
dwmalone at FreeBSD.org
Sun Apr 23 17:06:19 UTC 2006
dwmalone 2006-04-23 17:06:18 UTC
FreeBSD src repository
Modified files:
lib/libugidfw libugidfw.3 ugidfw.c ugidfw.h
sys/security/mac_bsdextended mac_bsdextended.c
mac_bsdextended.h
tools/regression/mac/mac_bsdextended test_ugidfw.c
usr.sbin/ugidfw ugidfw.8 ugidfw.c
Added files:
tools/regression/mac/mac_bsdextended test_matches.sh
Log:
Add some new options to mac_bsdextended. We can now match on:
    subject: ranges of uid, ranges of gid, jail id
    objects: ranges of uid, ranges of gid, filesystem,
             object is suid, object is sgid, object matches subject uid/gid
             object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
Revision Changes Path
1.8 +0 -10 src/lib/libugidfw/libugidfw.3
1.11 +729 -167 src/lib/libugidfw/ugidfw.c
1.5 +0 -3 src/lib/libugidfw/ugidfw.h
1.29 +158 -25 src/sys/security/mac_bsdextended/mac_bsdextended.c
1.6 +52 -10 src/sys/security/mac_bsdextended/mac_bsdextended.h
1.1 +167 -0 src/tools/regression/mac/mac_bsdextended/test_matches.sh (new)
1.3 +50 -8 src/tools/regression/mac/mac_bsdextended/test_ugidfw.c
1.9 +195 -44 src/usr.sbin/ugidfw/ugidfw.8
1.6 +1 -0 src/usr.sbin/ugidfw/ugidfw.c