History log of /freebsd/sys/security/mac_bsdextended/mac_bsdextended.c (Results 51 – 75 of 142)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# c96ae196 06-Feb-2007 Robert Watson <rwatson@FreeBSD.org>

Continue 7-CURRENT MAC Framework rearrangement and cleanup:

Don't perform a nested include of _label.h in mac.h, as mac.h now
describes only the user API to MAC, and _label.h defines the in-kernel

Continue 7-CURRENT MAC Framework rearrangement and cleanup:

Don't perform a nested include of _label.h in mac.h, as mac.h now
describes only the user API to MAC, and _label.h defines the in-kernel
representation of MAC labels.

Remove mac.h includes from policies and MAC framework components that do
not use userspace MAC API definitions.

Add _KERNEL inclusion checks to mac_internal.h and mac_policy.h, as these
are kernel-only include files

Obtained from: TrustedBSD Project

show more ...


Revision tags: release/6.2.0_cvs, release/6.2.0
# 0efd6615 23-Dec-2006 Robert Watson <rwatson@FreeBSD.org>

Move src/sys/sys/mac_policy.h, the kernel interface between the MAC
Framework and security modules, to src/sys/security/mac/mac_policy.h,
completing the removal of kernel-only MAC Framework include f

Move src/sys/sys/mac_policy.h, the kernel interface between the MAC
Framework and security modules, to src/sys/security/mac/mac_policy.h,
completing the removal of kernel-only MAC Framework include files from
src/sys/sys. Update the MAC Framework and MAC policy modules. Delete
the old mac_policy.h.

Third party policy modules will need similar updating.

Obtained from: TrustedBSD Project

show more ...


# acd3428b 06-Nov-2006 Robert Watson <rwatson@FreeBSD.org>

Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.

Sponsored by: nCircle

Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.

Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>

show more ...


Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0
# 89ddbd45 23-Apr-2006 David Malone <dwmalone@FreeBSD.org>

Add some new options to mac_bsdestended. We can now match on:

subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, ob

Add some new options to mac_bsdestended. We can now match on:

subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months

show more ...


# 42ae38e9 04-Mar-2006 David Malone <dwmalone@FreeBSD.org>

Create a mac_bsdextended_check_vp function that takes a cred, a
vnode and a mode and checks if a given access mode is permitted.
This centralises the mac_bsdextended_enabled check and the GETATTR
cal

Create a mac_bsdextended_check_vp function that takes a cred, a
vnode and a mode and checks if a given access mode is permitted.
This centralises the mac_bsdextended_enabled check and the GETATTR
calls and makes the implementation of the mac policy methods simple.

This should make it easier for us to match vnodes on more complex
attributes than just uid and gid in the future, but for now there
should be no functional change.

Approved/Reviewed by: rwatson, trhodes
MFC after: 1 month

show more ...


# e1216740 15-Jan-2006 Christian S.J. Peron <csjp@FreeBSD.org>

Fix potential overrun of static stack allocated array which stores
the rules. If an array is N elements large, we can only access
elements 0..(N-1).

MFC after: 1 week
Found with: Coverity Prevent(tm)


Revision tags: release/6.0.0_cvs, release/6.0.0
# 096dd406 28-Jul-2005 Tom Rhodes <trhodes@FreeBSD.org>

If a "hole" opens up in the ruleset (i.e.: remove 5), do not return
unknown error. Instead, just return error.

Submitted by: avatar
Tested by: trhodes


Revision tags: release/5.4.0_cvs, release/5.4.0
# a203d978 22-Apr-2005 Tom Rhodes <trhodes@FreeBSD.org>

Add locking support to mac_bsdextended:

- Introduce a global mutex, mac_bsdextended_mtx, to protect the rule
array and hold this mutex over use and modification of the rule array
and rules.
-

Add locking support to mac_bsdextended:

- Introduce a global mutex, mac_bsdextended_mtx, to protect the rule
array and hold this mutex over use and modification of the rule array
and rules.
- Re-order and clean up sysctl_rule so that copyin/copyout/update happen
in the right order (suggested by: jhb done by rwatson).

show more ...


Revision tags: release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0
# 46e23372 22-Oct-2004 Robert Watson <rwatson@FreeBSD.org>

Minor white space synchronization and line wrapping.


# bda37097 21-Oct-2004 Robert Watson <rwatson@FreeBSD.org>

Bump copyright dates for NETA on these files.


# 2e74bca1 21-Oct-2004 Robert Watson <rwatson@FreeBSD.org>

Modify mac_bsdextended policy so that it defines its own vnode access
right bits rather than piggy-backing on the V* rights defined in
vnode.h. The mac_bsdextended bits are given the same values as

Modify mac_bsdextended policy so that it defines its own vnode access
right bits rather than piggy-backing on the V* rights defined in
vnode.h. The mac_bsdextended bits are given the same values as the V*
bits to make the new kernel module binary compatible with the old
version of libugidfw that uses V* bits. This avoids leaking kernel
API/ABI to user management tools, and in particular should remove the
need for libugidfw to include vnode.h.

Requested by: phk

show more ...


# 88af0398 10-Sep-2004 Tom Rhodes <trhodes@FreeBSD.org>

Remove the debugging tunable, it was not being used.
Enable first match by default.[1]

We should: rwatson [1]


# 60673f35 21-Aug-2004 Tom Rhodes <trhodes@FreeBSD.org>

Allow mac_bsdextended(4) to log failed attempts to syslog's AUTHPRIV
facility. This is disabled by default but may be turned on by using
the mac_bsdextended_logging sysctl.

Reviewed by: re (jhb)
Ap

Allow mac_bsdextended(4) to log failed attempts to syslog's AUTHPRIV
facility. This is disabled by default but may be turned on by using
the mac_bsdextended_logging sysctl.

Reviewed by: re (jhb)
Approved by: re (jhb)

show more ...


# fa31f180 21-Aug-2004 Tom Rhodes <trhodes@FreeBSD.org>

Give the mac_bsdextended(4) policy the ability to match and apply on a first
rule only in place of all rules match. This is similar to how ipfw(8) works.

Provide a sysctl, mac_bsdextended_firstmatc

Give the mac_bsdextended(4) policy the ability to match and apply on a first
rule only in place of all rules match. This is similar to how ipfw(8) works.

Provide a sysctl, mac_bsdextended_firstmatch_enabled, to enable this
feature.

Reviewed by: re (jhb)
Aprroved by: re (jhb)

show more ...


# 56c38cd9 23-Jul-2004 Robert Watson <rwatson@FreeBSD.org>

Allow an effective uid of root to bypass mac_bsdextended rules; the MAC
Framework can restrict the root user, but this policy is not intended
to support that.

Stylish Swiss footwear provided for: tr

Allow an effective uid of root to bypass mac_bsdextended rules; the MAC
Framework can restrict the root user, but this policy is not intended
to support that.

Stylish Swiss footwear provided for: trhodes

show more ...


Revision tags: release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1
# f6a41092 22-Feb-2004 Robert Watson <rwatson@FreeBSD.org>

Update my personal copyrights and NETA copyrights in the kernel
to use the "year1-year3" format, as opposed to "year1, year2, year3".
This seems to make lawyers more happy, but also prevents the
line

Update my personal copyrights and NETA copyrights in the kernel
to use the "year1-year3" format, as opposed to "year1, year2, year3".
This seems to make lawyers more happy, but also prevents the
lines from getting excessively long as the years start to add up.

Suggested by: imp

show more ...


Revision tags: release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0
# 54e2c147 21-Aug-2003 Robert Watson <rwatson@FreeBSD.org>

Implementations of mpo_check_vnode_deleteextattr() and
mpo_check_vnode_listextattr() for Biba, MLS, and BSD Extended.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Labora

Implementations of mpo_check_vnode_deleteextattr() and
mpo_check_vnode_listextattr() for Biba, MLS, and BSD Extended.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories

show more ...


# de889223 05-Jul-2003 Robert Watson <rwatson@FreeBSD.org>

Remove trailing whitespace.


Revision tags: release/5.1.0_cvs, release/5.1.0, release/4.8.0_cvs, release/4.8.0
# 78183ac2 27-Mar-2003 Robert Watson <rwatson@FreeBSD.org>

Trim "trustedbsd_" from the front of the policy module "short names";
the vendor is only included in the long name currently, reducing
verbosity when modules are registered and unregistered.

Obtaine

Trim "trustedbsd_" from the front of the policy module "short names";
the vendor is only included in the long name currently, reducing
verbosity when modules are registered and unregistered.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories

show more ...


# 96c33a0c 25-Mar-2003 Robert Watson <rwatson@FreeBSD.org>

Expand scope of the BSD extended "file system firewall" policy to
include a new entry point available for enforcement:

mac_bsdextended_check_system_swapon() - Apply extended access
control check

Expand scope of the BSD extended "file system firewall" policy to
include a new entry point available for enforcement:

mac_bsdextended_check_system_swapon() - Apply extended access
control checks to the file target of swap.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories

show more ...


# a163d034 19-Feb-2003 Warner Losh <imp@FreeBSD.org>

Back out M_* changes, per decision of the TRB.

Approved by: trb


# 44956c98 21-Jan-2003 Alfred Perlstein <alfred@FreeBSD.org>

Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.


Revision tags: release/5.0.0_cvs, release/5.0.0
# 5bf93d25 29-Dec-2002 Robert Watson <rwatson@FreeBSD.org>

Map VAPPEND to VWRITE since the ugidfw rule syntax doesn't specifically
address the append access mode.

Reported by: "Daniel C. Sobral" <dcs@newsguy.com>
Obtained from: TrustedBSD Project
Sponosred

Map VAPPEND to VWRITE since the ugidfw rule syntax doesn't specifically
address the append access mode.

Reported by: "Daniel C. Sobral" <dcs@newsguy.com>
Obtained from: TrustedBSD Project
Sponosred by: DARPA, Network Associates Laboratories

MFC Candidate.

show more ...


# ef5def59 08-Nov-2002 Robert Watson <rwatson@FreeBSD.org>

Update MAC modules for changes in arguments for exec MAC policy
entry points to include an explicit execlabel.

Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associat

Update MAC modules for changes in arguments for exec MAC policy
entry points to include an explicit execlabel.

Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories

show more ...


# 939b97cb 05-Nov-2002 Robert Watson <rwatson@FreeBSD.org>

Update policy modules for changes in arguments associated with support
for label access on the interpreter, not just the shell script. No
policies currently present in the system rely on the new lab

Update policy modules for changes in arguments associated with support
for label access on the interpreter, not just the shell script. No
policies currently present in the system rely on the new labels.

show more ...


123456