D48129.id148185.diff
diff --git a/share/man/man4/mac_do.4 b/share/man/man4/mac_do.4
--- a/share/man/man4/mac_do.4
+++ b/share/man/man4/mac_do.4
@@ -3,7 +3,7 @@
.\"
.\" SPDX-License-Identifier: BSD-2-Clause
.\"
-.Dd May 22, 2024
+.Dd December 17, 2024
.Dt MAC_DO 4
.Os
.Sh NAME
@@ -41,6 +41,11 @@
(Default: 1).
.It Va security.mac.do.rules
The set of rules.
+.It Va security.mac.do.log
+Enable logging of
+.Nm
+activity.
+(Default: 0).
.El
.Pp
The rules consist of a list of elements separated by
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -45,6 +45,10 @@
&print_parse_error, 0, "Print parse errors on setting rules "
"(via sysctl(8)).");
+static int do_log = 0;
+SYSCTL_INT(_security_mac_do, OID_AUTO, log, CTLFLAG_RWTUN,
+ &do_log, 0, "Log mac_do invocations");
+
static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do");
#define MAC_RULE_STRING_LEN 1024
@@ -1974,6 +1978,12 @@
error = EPERM;
STAILQ_FOREACH(rule, &rules->head, r_entries)
if (rule_applies(rule, cred)) {
+ if (do_log)
+ printf("MAC/do: switching UID %u to %u, GID %u to %u for pid %u\n",
+ cred->cr_uid, new_cred->cr_uid,
+ cred->cr_gid, new_cred->cr_gid,
+ curthread->td_proc->p_pid);
+
error = rule_grant_setcred(rule, cred, new_cred);
if (error != EPERM)
break;
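Review bot: The new log line is emitted before `rule_grant_setcred()` runs, so "switching UID %u to %u" is printed for every rule whose `rule_applies()` matches, including ones whose grant is then refused (`error == EPERM`, after which the loop moves on to the next rule) — a reader of the console or message buffer would see a credential switch that never happened, which is the opposite of what an audit trail should say. The format is also off for the last argument: `p_pid` is `pid_t` (signed), so `%u` mismatches it while `%u` is fine for the `uid_t`/`gid_t` fields. Logging once after the call and reporting the outcome fixes both; the `do_log` sysctl itself is in the earlier hunk and needs no change. The enclosing function starts and ends outside this hunk, so I cannot see whether `<sys/syslog.h>` is already included — if it is, `log(LOG_NOTICE, ...)` would be preferable to `printf()` for a security-relevant record since it reaches syslog rather than only the console.
```c
	STAILQ_FOREACH(rule, &rules->head, r_entries)
		if (rule_applies(rule, cred)) {
			error = rule_grant_setcred(rule, cred, new_cred);
			/* Log the decision, not the attempt: a denied rule is not a switch. */
			if (do_log)
				printf("MAC/do: pid %d: UID %u -> %u, GID %u -> %u: %s\n",
				    curthread->td_proc->p_pid,
				    cred->cr_uid, new_cred->cr_uid,
				    cred->cr_gid, new_cred->cr_gid,
				    error == 0 ? "granted" : "denied");
			/* … unchanged: break on any result other than EPERM … */
```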
@@ -1991,7 +2001,7 @@
/*
* Only grant privileges if requested by the right executable.
*
- * XXXOC: We may want to base this check on a tunable path and/or
+ * XXX: We may want to base this check on a tunable path and/or
* a specific MAC label. Going even further, e.g., envisioning to
* completely replace the path check with the latter, we would need to
* install FreeBSD on a FS with multilabel enabled by default, which in
