[GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
Shivank Garg
shivank at freebsd.org
Mon Jun 10 13:47:44 UTC 2019
Hi everyone,
This project is aimed at developing a loadable MAC module with the "The
TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled
Jail can choose from.
This week I did the following-
* Understand and wrote TrustedBSD MAC framework bits for the mac_ipacl
module.
* Read the implementation of ifconfig and network modules in FreeBSD.
(sys/netinet and sys/netinet6)
* Checked the flow of code in the network modules(mainly in.c) by seeing
printf logs.
* I added MAC Framework checks in prison_check.c and tried simple tests
with it.
But I was going on the wrong path. So, had to check with my logic again.
Do Check this project on
Github:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl
FreeBSD wiki:
https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail
Please feel free to share your ideas and feedback on this project.
Regards,
Shivank Garg
More information about the soc-status
mailing list