cvs commit: src/lib/libugidfw libugidfw.3 ugidfw.c ugidfw.h
src/sys/security/mac_bsdextended mac_bsdextended.c mac_bsdextended.h
src/tools/regression/mac/mac_bsdextended test_matches.sh test_ugidfw.c
src/usr.sbin/ugidfw ugidfw.8 ugidfw.c
Conrad J. Sabatier
conrads at cox.net
Tue Apr 25 07:26:13 UTC 2006
On Sun, 23 Apr 2006 17:06:18 +0000 (UTC), David Malone
<dwmalone at freebsd.org> wrote:
> dwmalone 2006-04-23 17:06:18 UTC
>
> FreeBSD src repository
>
> Modified files:
> lib/libugidfw libugidfw.3 ugidfw.c ugidfw.h
> sys/security/mac_bsdextended mac_bsdextended.c
> mac_bsdextended.h
> tools/regression/mac/mac_bsdextended test_ugidfw.c
> usr.sbin/ugidfw ugidfw.8 ugidfw.c
> Added files:
> tools/regression/mac/mac_bsdextended test_matches.sh
> Log:
> Add some new options to mac_bsdestended. We can now match on:
>
> subject: ranges of uid, ranges of gid, jail id
> objects: ranges of uid, ranges of gid, filesystem,
> object is suid, object is sgid, object matches
> subject uid/gid object type
>
> We can also negate individual conditions. The ruleset language is
> a superset of the previous language, so old rules should continue
> to work.
>
> These changes require a change to the API between libugidfw and the
> mac_bsdextended module. Add a version number, so we can tell if
> we're running mismatched versions.
>
> Update man pages to reflect changes, add extra test cases to
> test_ugidfw.c and add a shell script that checks that the the
> module seems to do what we expect.
>
> Suggestions from: rwatson, trhodes
> Reviewed by: trhodes
> MFC after: 2 months
>
> Revision Changes Path
> 1.8 +0 -10 src/lib/libugidfw/libugidfw.3
> 1.11 +729 -167 src/lib/libugidfw/ugidfw.c
> 1.5 +0 -3 src/lib/libugidfw/ugidfw.h
> 1.29 +158 -25
> src/sys/security/mac_bsdextended/mac_bsdextended.c 1.6 +52
> -10 src/sys/security/mac_bsdextended/mac_bsdextended.h 1.1
> +167 -0 src/tools/regression/mac/mac_bsdextended/test_matches.sh
> (new) 1.3 +50 -8
> src/tools/regression/mac/mac_bsdextended/test_ugidfw.c 1.9 +195
> -44 src/usr.sbin/ugidfw/ugidfw.8 1.6 +1 -0
> src/usr.sbin/ugidfw/ugidfw.c
Something seems to have been broken by this commit:
===> usr.sbin/ugidfw (all)
cc -O2 -fno-strict-aliasing -pipe -DNO_MALLOC_EXTRAS -O3 -pipe
-funit-at-a-time -fno-strict-aliasing -ffast-math -march=athlon64
-c /usr/src/usr.sbin/ugidfw/ugidfw.c
In file included from
/usr/src/usr.sbin/ugidfw/ugidfw.c:40: /usr/obj/usr/src/tmp/usr/include/security/mac_bsdextended/mac_bsdextended.h:104:
error: field `mbo_fsid' has incomplete type *** Error code 1
Stop in /usr/src/usr.sbin/ugidfw.
(amd64, 7.0-CURRENT)
--
Conrad J. Sabatier <conrads at cox.net> -- "In Unix veritas"
More information about the freebsd-current
mailing list