svn commit: r464226 - in head/sysutils: . mac_nonet
Tobias Kortkamp
tobik at FreeBSD.org
Mon Mar 12 07:05:25 UTC 2018
Author: tobik
Date: Mon Mar 12 07:05:24 2018
New Revision: 464226
URL: https://svnweb.freebsd.org/changeset/ports/464226
Log:
New port: sysutils/mac_nonet
Simple MAC framework policy to disable access to networking for a
certain group. Run kldload mac_nonet.ko to load the kernel
module. The load action requires root permissions.
Set the gid that shouldn't access the network:
  sysctl security.mac.nonet.gid=31337
and enable enforcing:
  sysctl security.mac.nonet.enabled=1
Any call to socket(2) from a user in this group will end with EPERM.
You can also select a group that can access only AF_UNIX sockets with
security.mac.nonet.local_gid.
WWW: https://github.com/pbiernacki/mac_nonet
PR: 219376
Submitted by: amutu at amutu.com
Reviewed by: bapt
Added:
head/sysutils/mac_nonet/
head/sysutils/mac_nonet/Makefile (contents, props changed)
head/sysutils/mac_nonet/distinfo (contents, props changed)
head/sysutils/mac_nonet/pkg-descr (contents, props changed)
Modified:
head/sysutils/Makefile
Modified: head/sysutils/Makefile
==============================================================================
--- head/sysutils/Makefile Mon Mar 12 06:58:02 2018 (r464225)
+++ head/sysutils/Makefile Mon Mar 12 07:05:24 2018 (r464226)
@@ -603,6 +603,7 @@
SUBDIR += lxsplit
SUBDIR += lxtask
SUBDIR += lxterminal
+ SUBDIR += mac_nonet
SUBDIR += mac_rtprio
SUBDIR += magicrescue
SUBDIR += manck
Added: head/sysutils/mac_nonet/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/mac_nonet/Makefile Mon Mar 12 07:05:24 2018 (r464226)
@@ -0,0 +1,23 @@
+# Created by: Jov <amutu at amutu.com>
+# $FreeBSD$
+
+PORTNAME= mac_nonet
+DISTVERSION= g20150821
+CATEGORIES= sysutils
+PKGNAMESUFFIX= -kmod
+
+MAINTAINER= amutu at amutu.com
+COMMENT= MAC policy to disable access to networking for certain group
+
+LICENSE= BSD2CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= kmod uidfix
+
+USE_GITHUB= yes
+GH_ACCOUNT= pbiernacki
+GH_TAGNAME= f7e008a
+
+PLIST_FILES= ${KMODDIR}/mac_nonet.ko
+
+.include <bsd.port.mk>
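Review bot: GH_TAGNAME= f7e008a pins the source of a kernel module to a seven-character abbreviated commit hash; consider the full 40-character hash so the upstream reference cannot become ambiguous. The SHA256 in distinfo is what fixes the tarball content, so this is about traceability of what gets loaded into the kernel rather than integrity. With DISTVERSION= g20150821 and no version restriction in the Makefile, it would also help to state in the PR which FreeBSD releases the module was built and loaded on.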
Added: head/sysutils/mac_nonet/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/mac_nonet/distinfo Mon Mar 12 07:05:24 2018 (r464226)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1495107566
+SHA256 (pbiernacki-mac_nonet-g20150821-f7e008a_GH0.tar.gz) = 996281aa2e26528cbc4c265101e5f3996958cc816cb3434d412c5b6f51df6604
+SIZE (pbiernacki-mac_nonet-g20150821-f7e008a_GH0.tar.gz) = 1862
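Review bot: TIMESTAMP = 1495107566 is from May 2017, about ten months before this commit (Mar 12 2018), so the checksum was not regenerated at commit time. Re-run make makesum and confirm the SHA256 and SIZE lines come out unchanged, since this hash is the only integrity check on source that ends up running as a kernel module.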
Added: head/sysutils/mac_nonet/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/mac_nonet/pkg-descr Mon Mar 12 07:05:24 2018 (r464226)
@@ -0,0 +1,14 @@
+Simple MAC framework policy to disable access to networking for
+certain group. Running kldload mac_nonet.ko to load the kernel
+module. The load action require root permissions.
+
+Set gid that shouldn't access the network:
+ sysctl security.mac.nonet.gid=31337
+and enable enforcing:
+ sysctl security.mac.nonet.enabled=1
+
+Any call to socket(2) from user in this group will end with EPERM.
+You can also select group that can access only AF_UNIX sockets with
+security.mac.nonet.local_gid.
+
+WWW: https://github.com/pbiernacki/mac_nonet
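Review bot: the first paragraph of pkg-descr has grammar slips that will show up in package listings: "for certain group", the fragment "Running kldload mac_nonet.ko to load the kernel module." and "The load action require root permissions". Suggest "for a certain group", "Run kldload mac_nonet.ko to load the kernel module." and "requires". The text also covers only the runtime kldload and sysctl commands; a line on making the module load and the sysctl values persist across reboots would help, because a policy that is gone after a reboot leaves the group with network access again.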