PERFORCE change 79076 for review
Samy Al Bahra
samy at FreeBSD.org
Tue Jun 28 12:50:37 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=79076
Change 79076 by samy at samy_home on 2005/06/28 12:50:36
The mac_suidacl policy takes advantage of the new
setxid() MAC entry points (and check_vnode_exec) to
control access of credential-changing elements of a
system (at a uid and gid level). This is a trivial
modification of the mac_portacl module.
Approved by: rwatson
Affected files ...
.. //depot/projects/trustedbsd/mac/share/man/man4/Makefile#52 edit
.. //depot/projects/trustedbsd/mac/share/man/man4/mac_suidacl.4#1 add
.. //depot/projects/trustedbsd/mac/sys/conf/files#118 edit
.. //depot/projects/trustedbsd/mac/sys/modules/mac_suidacl/Makefile#1 add
.. //depot/projects/trustedbsd/mac/sys/security/mac_suidacl/mac_suidacl.c#1 add
Differences ...
==== //depot/projects/trustedbsd/mac/share/man/man4/Makefile#52 (text+ko) ====
@@ -142,6 +142,7 @@
mac_partition.4 \
mac_portacl.4 \
mac_seeotheruids.4 \
+ mac_suidacl.4 \
mac_support.4 \
mac_stub.4 \
mac_test.4 \
==== //depot/projects/trustedbsd/mac/sys/conf/files#118 (text+ko) ====
@@ -1767,6 +1767,7 @@
security/mac_portacl/mac_portacl.c optional mac_portacl
security/mac_seeotheruids/mac_seeotheruids.c optional mac_seeotheruids
security/mac_stub/mac_stub.c optional mac_stub
+security/mac_suidacl/mac_suidacl.c optional mac_suidacl
security/mac_test/mac_test.c optional mac_test
ufs/ffs/ffs_alloc.c optional ffs
ufs/ffs/ffs_balloc.c optional ffs
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list