Increase the number of MAC rules, allow limiting mac_portacl use to given GID
Needs Review (Public)

Authored by terba_protonmail.com on Apr 9 2019, 10:42 AM.

Details

Reviewers
rwatson
Summary

The current value of MAC_RULE_STRING_LEN allows creating 50-60 rules. The patch increases this value and also adds a sysctl variable to allow limiting mac_portacl use to a given user group.

Test Plan

Value changed might need adjusting. Applies cleanly on 11.2, 12.0 and HEAD.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

I'm not a committer, but since this looks like a neat thing to have, may I suggest you get some reviewers added?
One way to find reviewers is to look through the code for who touched these bits (MFU/MRU-like) and then ask them if they want to review it, or send an email to the appropriate mailing list asking for reviewers.

Could you re-upload this patch with full context? If you use 'arc' to update the patch in place, starting with an ordinary Subversion checkout + your patch applied, I think it should do the right thing.