mac_portacl.c
Context not available. | |||||
SYSCTL_INT(_security_mac_portacl, OID_AUTO, port_high, CTLFLAG_RWTUN, | SYSCTL_INT(_security_mac_portacl, OID_AUTO, port_high, CTLFLAG_RWTUN, | ||||
&portacl_port_high, 0, "Highest port to enforce for"); | &portacl_port_high, 0, "Highest port to enforce for"); | ||||
static int portacl_gid_only = 0; | |||||
SYSCTL_INT(_security_mac_portacl, OID_AUTO, gid_only, CTLFLAG_RW, | |||||
&portacl_gid_only, 0, "Check only given gid"); | |||||
static MALLOC_DEFINE(M_PORTACL, "portacl_rule", "Rules for mac_portacl"); | static MALLOC_DEFINE(M_PORTACL, "portacl_rule", "Rules for mac_portacl"); | ||||
#define MAC_RULE_STRING_LEN 1024 | #define MAC_RULE_STRING_LEN 2621500 | ||||
#define RULE_GID 1 | #define RULE_GID 1 | ||||
#define RULE_UID 2 | #define RULE_UID 2 | ||||
Context not available. | |||||
if (portacl_enabled == 0) | if (portacl_enabled == 0) | ||||
return (0); | return (0); | ||||
/* Gid only check */ | |||||
if (portacl_gid_only != 0 && cred->cr_gid != portacl_gid_only) | |||||
return (0); | |||||
/* Only interested in IPv4 and IPv6 sockets. */ | /* Only interested in IPv4 and IPv6 sockets. */ | ||||
if (so->so_proto->pr_domain->dom_family != PF_INET && | if (so->so_proto->pr_domain->dom_family != PF_INET && | ||||
so->so_proto->pr_domain->dom_family != PF_INET6) | so->so_proto->pr_domain->dom_family != PF_INET6) | ||||
Context not available. |
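Review bot: The gid-only check `if (portacl_gid_only != 0 && cred->cr_gid != portacl_gid_only) return (0);` returns before any rule is evaluated, so once the sysctl is set every credential whose `cr_gid` differs is exempt from the port ACL rather than restricted by it. Only `cr_gid` is compared, so supplementary groups are ignored and gid 0 cannot be selected because 0 means disabled; the comment should say so, e.g. `/* gid_only != 0: enforce rules only for creds whose cr_gid matches; all other creds are not checked by this policy. */`. `portacl_gid_only` is a signed `int` compared with `cr_gid`, so a negative value written through the `CTLFLAG_RW` knob would presumably convert to a very large gid; an unsigned type or a range check in a sysctl handler would avoid that. The page does not mark which column is the new side, so this applies to whichever revision carries the gid_only lines, and the revision with `MAC_RULE_STRING_LEN 2621500` should confirm what that macro sizes (not visible here), since a roughly 2.5 MB kernel buffer is a large cost for a rule string. The enclosing function starts and ends outside the shown context.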