Date: Tue, 28 Jun 2005 12:50:37 GMT From: Samy Al Bahra <samy@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 79076 for review Message-ID: <200506281250.j5SCobA8068676@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=79076 Change 79076 by samy@samy_home on 2005/06/28 12:50:36 The mac_suidacl policy takes advantage of the new setxid() MAC entry points (and check_vnode_exec) to control access of credential-changing elements of a system (at a uid and gid level). This is a trivial modification of the mac_portacl module. Approved by: rwatson Affected files ... .. //depot/projects/trustedbsd/mac/share/man/man4/Makefile#52 edit .. //depot/projects/trustedbsd/mac/share/man/man4/mac_suidacl.4#1 add .. //depot/projects/trustedbsd/mac/sys/conf/files#118 edit .. //depot/projects/trustedbsd/mac/sys/modules/mac_suidacl/Makefile#1 add .. //depot/projects/trustedbsd/mac/sys/security/mac_suidacl/mac_suidacl.c#1 add Differences ... ==== //depot/projects/trustedbsd/mac/share/man/man4/Makefile#52 (text+ko) ==== @@ -142,6 +142,7 @@ mac_partition.4 \ mac_portacl.4 \ mac_seeotheruids.4 \ + mac_suidacl.4 \ mac_support.4 \ mac_stub.4 \ mac_test.4 \ ==== //depot/projects/trustedbsd/mac/sys/conf/files#118 (text+ko) ==== @@ -1767,6 +1767,7 @@ security/mac_portacl/mac_portacl.c optional mac_portacl security/mac_seeotheruids/mac_seeotheruids.c optional mac_seeotheruids security/mac_stub/mac_stub.c optional mac_stub +security/mac_suidacl/mac_suidacl.c optional mac_suidacl security/mac_test/mac_test.c optional mac_test ufs/ffs/ffs_alloc.c optional ffs ufs/ffs/ffs_balloc.c optional ffs
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506281250.j5SCobA8068676>