MAC/do: Output errors when parsing rules

Description

MAC/do: Output errors when parsing rules

So that administrators can more easily know what the problem is with the
rules they are trying to set.

The new sysctl 'security.mac.do.print_parse_error' controls whether
trying to set sysctl 'security.mac.do.rules' with invalid rules triggers
printing of the error on the system console.

Setting jail parameters directly reports an error to the calling
process thanks to the VFS options mechanism used by the jail machinery,
so is not controlled by the new sysctl setting.

Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47617

Details

Provenance
olce authored on Aug 7 2024, 9:25 AM
Reviewer
bapt
Differential Revision
D47617: MAC/do: Output errors when parsing rules
Parents
rG6c3def74e2de: MAC/do: Support multiple users and groups as single rule's targets