cvs commit: src/lib/libugidfw libugidfw.3 ugidfw.c ugidfw.h src/sys/security/mac_bsdextended mac_bsdextended.c mac_bsdextended.h src/tools/regression/mac/mac_bsdextended test_ugidfw.c src/usr.sbin/ugidfw ugidfw.8 ugidfw.c

David Malone dwmalone at
Sun Apr 23 17:06:19 UTC 2006

dwmalone    2006-04-23 17:06:18 UTC

  FreeBSD src repository

  Modified files:
    lib/libugidfw        libugidfw.3 ugidfw.c ugidfw.h 
    sys/security/mac_bsdextended mac_bsdextended.c 
    tools/regression/mac/mac_bsdextended test_ugidfw.c 
    usr.sbin/ugidfw      ugidfw.8 ugidfw.c 
  Added files:
  Add some new options to mac_bsdestended. We can now match on:
          subject: ranges of uid, ranges of gid, jail id
          objects: ranges of uid, ranges of gid, filesystem,
                  object is suid, object is sgid, object matches subject uid/gid
                  object type
  We can also negate individual conditions. The ruleset language is
  a superset of the previous language, so old rules should continue
  to work.
  These changes require a change to the API between libugidfw and the
  mac_bsdextended module. Add a version number, so we can tell if
  we're running mismatched versions.
  Update man pages to reflect changes, add extra test cases to
  test_ugidfw.c and add a shell script that checks that the the
  module seems to do what we expect.
  Suggestions from: rwatson, trhodes
  Reviewed by: trhodes
  MFC after: 2 months
  Revision  Changes    Path
  1.8       +0 -10     src/lib/libugidfw/libugidfw.3
  1.11      +729 -167  src/lib/libugidfw/ugidfw.c
  1.5       +0 -3      src/lib/libugidfw/ugidfw.h
  1.29      +158 -25   src/sys/security/mac_bsdextended/mac_bsdextended.c
  1.6       +52 -10    src/sys/security/mac_bsdextended/mac_bsdextended.h
  1.1       +167 -0    src/tools/regression/mac/mac_bsdextended/ (new)
  1.3       +50 -8     src/tools/regression/mac/mac_bsdextended/test_ugidfw.c
  1.9       +195 -44   src/usr.sbin/ugidfw/ugidfw.8
  1.6       +1 -0      src/usr.sbin/ugidfw/ugidfw.c

More information about the cvs-src mailing list