]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a1b6757) | patch
mac_ipacl: new MAC policy module to limit jail/vnet IP configuration
authorShivank Garg <shivank@freebsd.org>
Tue, 25 Jul 2023 20:27:06 +0000 (20:27 +0000)
committerBjoern A. Zeeb <bz@FreeBSD.org>
Wed, 26 Jul 2023 00:07:57 +0000 (00:07 +0000)
commit215bab7924f6c8e133a96431b3e2176d5fae1eff
tree78c32ee058e2181259105895e111211a534bd038tree | snapshot
parenta1b67573130114257fdd443c4ec9b54fbe2e5843commit | diff
mac_ipacl: new MAC policy module to limit jail/vnet IP configuration

The mac_ipacl policy module enables fine-grained control over IP address
configuration within VNET jails from the base system.
It allows the root user to define rules governing IP addresses for
jails and their interfaces using the sysctl interface.

Requested by: multiple
Sponsored by: Google, Inc. (GSoC 2019)
MFC after: 2 months
Reviewed by: bz, dch (both earlier versions)
Differential Revision: https://reviews.freebsd.org/D20967
20 files changed:
etc/mtree/BSD.tests.dist diff | blob | history
share/man/man4/Makefile diff | blob | history
share/man/man4/mac.4 diff | blob | history
share/man/man4/mac_ipacl.4 [new file with mode: 0644] blob
sys/conf/NOTES diff | blob | history
sys/conf/files diff | blob | history
sys/conf/options diff | blob | history
sys/modules/Makefile diff | blob | history
sys/modules/mac_ipacl/Makefile [new file with mode: 0644] blob
sys/netinet/in.c diff | blob | history
sys/netinet6/in6.c diff | blob | history
sys/security/mac/mac_framework.h diff | blob | history
sys/security/mac/mac_inet.c diff | blob | history
sys/security/mac/mac_inet6.c diff | blob | history
sys/security/mac/mac_policy.h diff | blob | history
sys/security/mac_ipacl/mac_ipacl.c [new file with mode: 0644] blob
tests/sys/mac/Makefile diff | blob | history
tests/sys/mac/ipacl/Makefile [new file with mode: 0644] blob
tests/sys/mac/ipacl/ipacl_test.sh [new file with mode: 0644] blob
tests/sys/mac/ipacl/utils.subr [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.