#
c96ae196 |
| 06-Feb-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Continue 7-CURRENT MAC Framework rearrangement and cleanup:
Don't perform a nested include of _label.h in mac.h, as mac.h now describes only the user API to MAC, and _label.h defines the in-kernel representation of MAC labels.
Remove mac.h includes from policies and MAC framework components that do not use userspace MAC API definitions.
Add _KERNEL inclusion checks to mac_internal.h and mac_policy.h, as these are kernel-only include files
Obtained from: TrustedBSD Project
|
Revision tags: release/6.2.0_cvs, release/6.2.0 |
|
#
0efd6615 |
| 23-Dec-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Move src/sys/sys/mac_policy.h, the kernel interface between the MAC Framework and security modules, to src/sys/security/mac/mac_policy.h, completing the removal of kernel-only MAC Framework include files from src/sys/sys. Update the MAC Framework and MAC policy modules. Delete the old mac_policy.h.
Third party policy modules will need similar updating.
Obtained from: TrustedBSD Project
|
#
acd3428b |
| 06-Nov-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0 |
|
#
89ddbd45 |
| 23-Apr-2006 |
David Malone <dwmalone@FreeBSD.org> |
Add some new options to mac_bsdextended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem, object is suid, object is sgid, object matches subject uid/gid, object type
We can also negate individual conditions. The ruleset language is a superset of the previous language, so old rules should continue to work.
These changes require a change to the API between libugidfw and the mac_bsdextended module. Add a version number, so we can tell if we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to test_ugidfw.c and add a shell script that checks that the module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
|
#
42ae38e9 |
| 04-Mar-2006 |
David Malone <dwmalone@FreeBSD.org> |
Create a mac_bsdextended_check_vp function that takes a cred, a vnode and a mode and checks if a given access mode is permitted. This centralises the mac_bsdextended_enabled check and the GETATTR calls and makes the implementation of the mac policy methods simple.
This should make it easier for us to match vnodes on more complex attributes than just uid and gid in the future, but for now there should be no functional change.
Approved/Reviewed by: rwatson, trhodes
MFC after: 1 month
|
#
e1216740 |
| 15-Jan-2006 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Fix potential overrun of static stack allocated array which stores the rules. If an array is N elements large, we can only access elements 0..(N-1).
MFC after: 1 week
Found with: Coverity Prevent(tm)
|
Revision tags: release/6.0.0_cvs, release/6.0.0 |
|
#
096dd406 |
| 28-Jul-2005 |
Tom Rhodes <trhodes@FreeBSD.org> |
If a "hole" opens up in the ruleset (i.e.: remove 5), do not return unknown error. Instead, just return error.
Submitted by: avatar
Tested by: trhodes
|
Revision tags: release/5.4.0_cvs, release/5.4.0 |
|
#
a203d978 |
| 22-Apr-2005 |
Tom Rhodes <trhodes@FreeBSD.org> |
Add locking support to mac_bsdextended:
- Introduce a global mutex, mac_bsdextended_mtx, to protect the rule array and hold this mutex over use and modification of the rule array and rules.
- Re-order and clean up sysctl_rule so that copyin/copyout/update happen in the right order (suggested by: jhb done by rwatson).
|
Revision tags: release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0 |
|
#
46e23372 |
| 22-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Minor white space synchronization and line wrapping.
|
#
bda37097 |
| 21-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Bump copyright dates for NETA on these files.
|
#
2e74bca1 |
| 21-Oct-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Modify mac_bsdextended policy so that it defines its own vnode access right bits rather than piggy-backing on the V* rights defined in vnode.h. The mac_bsdextended bits are given the same values as the V* bits to make the new kernel module binary compatible with the old version of libugidfw that uses V* bits. This avoids leaking kernel API/ABI to user management tools, and in particular should remove the need for libugidfw to include vnode.h.
Requested by: phk
|
#
88af0398 |
| 10-Sep-2004 |
Tom Rhodes <trhodes@FreeBSD.org> |
Remove the debugging tunable, it was not being used. Enable first match by default.[1]
We should: rwatson [1]
|
#
60673f35 |
| 21-Aug-2004 |
Tom Rhodes <trhodes@FreeBSD.org> |
Allow mac_bsdextended(4) to log failed attempts to syslog's AUTHPRIV facility. This is disabled by default but may be turned on by using the mac_bsdextended_logging sysctl.
Reviewed by: re (jhb)
Approved by: re (jhb)
|
#
fa31f180 |
| 21-Aug-2004 |
Tom Rhodes <trhodes@FreeBSD.org> |
Give the mac_bsdextended(4) policy the ability to match and apply on a first rule only in place of all rules match. This is similar to how ipfw(8) works.
Provide a sysctl, mac_bsdextended_firstmatch_enabled, to enable this feature.
Reviewed by: re (jhb)
Approved by: re (jhb)
|
#
56c38cd9 |
| 23-Jul-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Allow an effective uid of root to bypass mac_bsdextended rules; the MAC Framework can restrict the root user, but this policy is not intended to support that.
Stylish Swiss footwear provided for: trhodes
|
Revision tags: release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1 |
|
#
f6a41092 |
| 22-Feb-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Update my personal copyrights and NETA copyrights in the kernel to use the "year1-year3" format, as opposed to "year1, year2, year3". This seems to make lawyers more happy, but also prevents the lines from getting excessively long as the years start to add up.
Suggested by: imp
|
Revision tags: release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0 |
|
#
54e2c147 |
| 21-Aug-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Implementations of mpo_check_vnode_deleteextattr() and mpo_check_vnode_listextattr() for Biba, MLS, and BSD Extended.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
#
de889223 |
| 05-Jul-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Remove trailing whitespace.
|
Revision tags: release/5.1.0_cvs, release/5.1.0, release/4.8.0_cvs, release/4.8.0 |
|
#
78183ac2 |
| 27-Mar-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Trim "trustedbsd_" from the front of the policy module "short names"; the vendor is only included in the long name currently, reducing verbosity when modules are registered and unregistered.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
#
96c33a0c |
| 25-Mar-2003 |
Robert Watson <rwatson@FreeBSD.org> |
Expand scope of the BSD extended "file system firewall" policy to include a new entry point available for enforcement:
mac_bsdextended_check_system_swapon() - Apply extended access control checks to the file target of swap.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
#
a163d034 |
| 19-Feb-2003 |
Warner Losh <imp@FreeBSD.org> |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
#
44956c98 |
| 21-Jan-2003 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
Revision tags: release/5.0.0_cvs, release/5.0.0 |
|
#
5bf93d25 |
| 29-Dec-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Map VAPPEND to VWRITE since the ugidfw rule syntax doesn't specifically address the append access mode.
Reported by: "Daniel C. Sobral" <dcs@newsguy.com>
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
MFC Candidate.
|
#
ef5def59 |
| 08-Nov-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Update MAC modules for changes in arguments for exec MAC policy entry points to include an explicit execlabel.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
#
939b97cb |
| 05-Nov-2002 |
Robert Watson <rwatson@FreeBSD.org> |
Update policy modules for changes in arguments associated with support for label access on the interpreter, not just the shell script. No policies currently present in the system rely on the new labels.
|