[GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
Shivank Garg
shivank at freebsd.org
Mon Jul 1 14:25:19 UTC 2019
Hi everyone!
This project is aimed at developing a loadable MAC module with the "The
TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled
Jail can choose from.
This week I made the following progress-
* Converted the proposed policy into a data structure.
* Added sysctl interface to take input the of the rules string.
* Added a string parser to parse that input string to fill the policy
structure.
Do Check this project on
Github:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki:
https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail
Please feel free to share your ideas and feedback on this project.
Regards,
Shivank Garg
More information about the soc-status
mailing list