head	1.3;
access;
symbols
	RELENG_8_4:1.3.0.2
	RELENG_9_1_0_RELEASE:1.2.28.1.4.2
	RELENG_9_1:1.2.28.1.0.4
	RELENG_9_1_BP:1.2.28.1
	RELENG_8_3_0_RELEASE:1.2.22.1.8.1
	RELENG_8_3:1.2.22.1.0.8
	RELENG_8_3_BP:1.2.22.1
	RELENG_9_0_0_RELEASE:1.2.28.1.2.1
	RELENG_9_0:1.2.28.1.0.2
	RELENG_9_0_BP:1.2.28.1
	RELENG_9:1.2.0.28
	RELENG_9_BP:1.2
	RELENG_7_4_0_RELEASE:1.2.26.1
	RELENG_8_2_0_RELEASE:1.2.22.1.6.1
	RELENG_7_4:1.2.0.26
	RELENG_7_4_BP:1.2
	RELENG_8_2:1.2.22.1.0.6
	RELENG_8_2_BP:1.2.22.1
	RELENG_8_1_0_RELEASE:1.2.22.1.4.1
	RELENG_8_1:1.2.22.1.0.4
	RELENG_8_1_BP:1.2.22.1
	RELENG_7_3_0_RELEASE:1.2.24.1
	RELENG_7_3:1.2.0.24
	RELENG_7_3_BP:1.2
	RELENG_8_0_0_RELEASE:1.2.22.1.2.1
	RELENG_8_0:1.2.22.1.0.2
	RELENG_8_0_BP:1.2.22.1
	RELENG_8:1.2.0.22
	RELENG_8_BP:1.2
	RELENG_7_2_0_RELEASE:1.2.20.1
	RELENG_7_2:1.2.0.20
	RELENG_7_2_BP:1.2
	RELENG_7_1_0_RELEASE:1.2.18.1
	RELENG_6_4_0_RELEASE:1.2.16.1
	RELENG_7_1:1.2.0.18
	RELENG_7_1_BP:1.2
	RELENG_6_4:1.2.0.16
	RELENG_6_4_BP:1.2
	RELENG_7_0_0_RELEASE:1.2
	RELENG_6_3_0_RELEASE:1.2
	RELENG_7_0:1.2.0.14
	RELENG_7_0_BP:1.2
	RELENG_6_3:1.2.0.12
	RELENG_6_3_BP:1.2
	RELENG_7:1.2.0.10
	RELENG_7_BP:1.2
	RELENG_6_2_0_RELEASE:1.2
	RELENG_6_2:1.2.0.8
	RELENG_6_2_BP:1.2
	RELENG_5_5_0_RELEASE:1.1
	RELENG_5_5:1.1.0.12
	RELENG_5_5_BP:1.1
	RELENG_6_1_0_RELEASE:1.2
	RELENG_6_1:1.2.0.6
	RELENG_6_1_BP:1.2
	RELENG_6_0_0_RELEASE:1.2
	RELENG_6_0:1.2.0.4
	RELENG_6_0_BP:1.2
	RELENG_6:1.2.0.2
	RELENG_6_BP:1.2
	RELENG_5_4_0_RELEASE:1.1
	RELENG_5_4:1.1.0.10
	RELENG_5_4_BP:1.1
	RELENG_5_3_0_RELEASE:1.1
	RELENG_5_3:1.1.0.8
	RELENG_5_3_BP:1.1
	RELENG_5:1.1.0.6
	RELENG_5_BP:1.1
	RELENG_5_2_1_RELEASE:1.1
	RELENG_5_2_0_RELEASE:1.1
	RELENG_5_2:1.1.0.4
	RELENG_5_2_BP:1.1
	RELENG_5_1_0_RELEASE:1.1
	RELENG_5_1:1.1.0.2
	RELENG_5_1_BP:1.1;
locks; strict;
comment	@# @;


1.3
date	2012.11.17.01.52.57;	author svnexp;	state Exp;
branches
	1.3.2.1;
next	1.2;

1.2
date	2004.12.30.13.49.01;	author rwatson;	state Exp;
branches
	1.2.2.1
	1.2.10.1
	1.2.16.1
	1.2.18.1
	1.2.20.1
	1.2.22.1
	1.2.24.1
	1.2.26.1
	1.2.28.1;
next	1.1;

1.1
date	2003.03.02.23.01.42;	author rwatson;	state Exp;
branches;
next	;

1.3.2.1
date	2012.11.17.01.52.57;	author svnexp;	state dead;
branches;
next	1.3.2.2;

1.3.2.2
date	2013.03.28.13.05.21;	author svnexp;	state Exp;
branches;
next	;

1.2.2.1
date	2012.11.17.07.44.21;	author svnexp;	state Exp;
branches;
next	;

1.2.10.1
date	2012.11.17.08.06.51;	author svnexp;	state Exp;
branches;
next	;

1.2.16.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.2.18.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.2.20.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.2.22.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.2.22.1.2.1
	1.2.22.1.4.1
	1.2.22.1.6.1
	1.2.22.1.8.1;
next	1.2.22.2;

1.2.22.2
date	2012.11.17.10.36.57;	author svnexp;	state Exp;
branches;
next	;

1.2.22.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.2.22.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.2.22.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.2.22.1.8.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.2.22.1.8.2;

1.2.22.1.8.2
date	2012.11.17.08.25.33;	author svnexp;	state Exp;
branches;
next	;

1.2.24.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.2.26.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.2.26.2;

1.2.26.2
date	2012.11.17.08.17.27;	author svnexp;	state Exp;
branches;
next	;

1.2.28.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.2.28.1.2.1
	1.2.28.1.4.1;
next	1.2.28.2;

1.2.28.2
date	2012.11.17.11.37.17;	author svnexp;	state Exp;
branches;
next	;

1.2.28.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.2.28.1.2.2;

1.2.28.1.2.2
date	2012.11.17.08.37.14;	author svnexp;	state Exp;
branches;
next	;

1.2.28.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.2.28.1.4.2;

1.2.28.1.4.2
date	2012.11.17.08.48.05;	author svnexp;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Switching exporter and resync
@
text
@# $FreeBSD: head/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $

.PATH: ${.CURDIR}/../../security/mac_portacl

KMOD=	mac_portacl
SRCS=	mac_portacl.c

.include <bsd.kmod.mk>
@


1.3.2.1
log
@file Makefile was added on branch RELENG_8_4 on 2013-03-28 13:05:21 +0000
@
text
@d1 8
@


1.3.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 8
# $FreeBSD: releng/8.4/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $

.PATH: ${.CURDIR}/../../security/mac_portacl

KMOD=	mac_portacl
SRCS=	mac_portacl.c

.include <bsd.kmod.mk>
@


1.2
log
@mac_portacl.c no longer references vnode_if.h.
@
text
@d1 1
a1 1
# $FreeBSD$
@


1.2.10.1
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/7/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.2.1
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/6/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.28.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.2.28.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/9/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.28.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.2.28.1.4.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.1/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.28.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.2.28.1.2.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.0/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.26.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.2.26.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/7.4/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.24.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.2.22.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.2.22.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/8/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.22.1.8.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.2.22.1.8.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/8.3/sys/modules/mac_portacl/Makefile 139435 2004-12-30 13:49:01Z rwatson $
@


1.2.22.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.2.22.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.2.22.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.2.20.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.2.18.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.2.16.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.1
log
@A cute yet small MAC policy that provides a simple ACL mechanism to
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh.  The policy is twiddled using
sysctl(8).  To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired.  This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack.  It appears to work properly in my local configuration,
but needs more broad testing.

A sample policy might be:

  # sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"

This permits uid 425 to bind TCP sockets to ports 79 and 80.  Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
@
text
@d6 1
a6 2
SRCS=	vnode_if.h \
	mac_portacl.c
@

