[Bug 219376] [NEW PORT] sysutils/mac_nonet: Simple MAC framework policy to disable access to networking for certain group
bugzilla-noreply at freebsd.org
Thu May 18 12:10:53 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219376
Bug ID: 219376
Summary: [NEW PORT] sysutils/mac_nonet: Simple MAC framework
policy to disable access to networking for certain
group
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: amutu at amutu.com
Created attachment 182693
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182693&action=edit
new port shar file
Simple MAC framework policy to disable access to networking for a certain group.
Run kldload mac_nonet.ko to load the kernel module. The load action requires
root permissions. Set the gid that shouldn't access the network:
sysctl security.mac.nonet.gid=31337
and enable enforcing:
sysctl security.mac.nonet.enabled=1
Any call to socket(2) from a user in this group will end with EPERM. You can also
select a group that can access only AF_UNIX sockets with
security.mac.nonet.local_gid.
WWW: https://github.com/pbiernacki/mac_nonet
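To confirm that enforcement matches the description above, the following probe (an added example, not part of the bug report or the mac_nonet port) tries to create a socket in each address family and compares the result with what the description implies. The mode names and the EPERM expectation for the local_gid group are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { ALLOWED, DENIED_EPERM, OTHER_ERROR };
enum mode { UNRESTRICTED, NONET_GID, LOCAL_GID };  /* hypothetical names */

static const char *names[] = { "allowed", "denied (EPERM)", "other error" };

/* Classify a socket(2) result; EPERM is the errno the description names. */
enum verdict classify(int fd, int err) {
    if (fd >= 0) return ALLOWED;
    return err == EPERM ? DENIED_EPERM : OTHER_ERROR;
}

/* Try to create one stream socket in the given family and close it again. */
enum verdict probe(int domain) {
    int fd = socket(domain, SOCK_STREAM, 0);
    int err = errno;               /* save before close() can change it */
    if (fd >= 0) close(fd);
    return classify(fd, err);
}

/* What the description implies for each group. EPERM for the non-AF_UNIX
 * families under local_gid is an assumption; the page only states EPERM
 * for security.mac.nonet.gid. */
enum verdict expected(enum mode m, int domain) {
    if (m == NONET_GID) return DENIED_EPERM;
    if (m == LOCAL_GID && domain != AF_UNIX) return DENIED_EPERM;
    return ALLOWED;
}

/* Count families whose observed verdict differs from the expectation. */
int mismatches(enum mode m, const int *dom, const enum verdict *seen, int n) {
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (seen[i] != expected(m, dom[i])) bad++;
    return bad;
}

int main(int argc, char **argv) {
    enum mode m = argc > 1 ? (enum mode)atoi(argv[1]) : UNRESTRICTED;
    int dom[] = { AF_INET, AF_INET6, AF_UNIX };
    enum verdict seen[3];
    for (int i = 0; i < 3; i++) {
        seen[i] = probe(dom[i]);
        printf("family %d: %s\n", dom[i], names[seen[i]]);
    }
    return mismatches(m, dom, seen, 3) ? 1 : 0;
}
```

Run it as a user in the restricted group with argument 1 (security.mac.nonet.gid) or 2 (security.mac.nonet.local_gid); a non-zero exit status means the observed behaviour differs from the description, including the case where a family fails for an unrelated reason such as missing IPv6 support.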