[GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
Shivank Garg
shivank at freebsd.org
Mon Jun 24 14:21:40 UTC 2019
Hi everyone!
This project is aimed at developing a loadable MAC module with the "The
TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled
Jail can choose from.
This week I made the following progress-
* Added sysctl interface to the mac_ipacl module to allow/disallow IPv4/6
address to jail.
* Added design notes for the policy structure of the new module
* Tested the mac_ipacl module with tests script and added more tests to
them.
Currently, I am-
* converting the policy into data structure
* looking into the code ipfw/pf to get the idea about passing the rules.
* looking into atf to integrate it with my test shell scripts.
Do Check this project on
Github:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki:
https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail
Please feel free to share your ideas and feedback on this project.
Regards,
Shivank Garg
More information about the soc-status
mailing list