
Increase the number of MAC rules, allow limiting mac_portacl use to given GID
Needs Review, Public

Authored by terba_protonmail.com on Apr 9 2019, 10:42 AM.

Details

Reviewers
rwatson
Summary

The current value of MAC_RULE_STRING_LEN allows creating 50-60 rules. The patch increases this value and also adds a sysctl variable to allow limiting mac_portacl use to a given user group.

Test Plan

Value changed might need adjusting. Applies cleanly on 11.2, 12.0 and HEAD.


Event Timeline

I'm not a committer, but since this looks like a neat thing to have, may I suggest you get some reviewers added?
One way to find reviewers is to look through the code for who touched these bits (MFU/MRU-like) and then ask them if they want to review it, or send an email to the appropriate mailing list asking for reviewers.

Could you re-upload this patch with full context? If you use 'arc' to update the patch in place, starting with an ordinary Subversion checkout + your patch applied, I think it should do the right thing.