[GSoC'19 Weekly Update] MAC policy on IP addresses in Jail

Shivank Garg shivank at freebsd.org
Mon Jun 24 14:21:40 UTC 2019


Hi everyone!

This project is aimed at developing a loadable MAC module with "The
TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled
Jail can choose from.

This week I made the following progress:
* Added a sysctl interface to the mac_ipacl module to allow/disallow IPv4/6
addresses to a jail.
* Added design notes for the policy structure of the new module.
* Tested the mac_ipacl module with test scripts and added more tests to
them.

Currently, I am:
* converting the policy into a data structure
* looking into the ipfw/pf code to get an idea about passing the rules.
* looking into atf to integrate it with my test shell scripts.

Do check this project on
GitHub:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki:
https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail

Please feel free to share your ideas and feedback on this project.

Regards,
Shivank Garg

