mdo(1): Use setcred() to change credentialsAs this is the only system call that MAC/do currently supports, and theonly one that really can be for transitions involving simultaneouschanges of user
mdo(1): Use setcred() to change credentialsAs this is the only system call that MAC/do currently supports, and theonly one that really can be for transitions involving simultaneouschanges of user and group IDs.Reviewed by: baptApproved by: markj (mentor)Sponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D47621
show more ...
manuals: Fix "unusual .Xr" warnings with a scriptThese were reported by `mandoc -T lint ...` as warnings:- unusual Xr order- unusual Xr punctuationFixes made by script in https://github.com/Tar
manuals: Fix "unusual .Xr" warnings with a scriptThese were reported by `mandoc -T lint ...` as warnings:- unusual Xr order- unusual Xr punctuationFixes made by script in https://github.com/Tarsnap/freebsd-doc-scriptsSigned-off-by: Graham Percival <gperciva@tarsnap.com>Reviewed by: mhorne, Alexander Ziaee <concussious.bugzilla@runbox.com>Sponsored by: Tarsnap Backup Inc.Pull Request: https://github.com/freebsd/freebsd-src/pull/1464
mac_do: add a new MAC/do policy and mdo(1) utilityThis policy enables a user to become another user without having to beroot (hence no setuid binary). it is configured via rules using sysctlsecur
mac_do: add a new MAC/do policy and mdo(1) utilityThis policy enables a user to become another user without having to beroot (hence no setuid binary). it is configured via rules using sysctlsecurity.mac.do.rulesFor example:security.mac.do.rules=uid=1001:80,gid=0:anyThe above rule means the user identifier by the uid 1001 is able tobecome user 80Any user of the group 0 are allowed to become any user on the system.The mdo(1) utility expects the MAC/do policy to be installed and itsrules defined.Reviewed by: desDifferential Revision: https://reviews.freebsd.org/D45145