opnsense-src

mirror of https://github.com/opnsense/src.git synced 2026-02-03 20:49:35 -05:00

History

Baptiste Daroussin c333758fca mac_do: add a new MAC/do policy and mdo(1) utility This policy enables a user to become another user without having to be root (hence no setuid binary). it is configured via rules using sysctl security.mac.do.rules For example: security.mac.do.rules=uid=1001:80,gid=0:any The above rule means the user identifier by the uid 1001 is able to become user 80 Any user of the group 0 are allowed to become any user on the system. The mdo(1) utility expects the MAC/do policy to be installed and its rules defined. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D45145 (cherry picked from commit 8aac90f18aef7c9eea906c3ff9a001ca7b94f375)	2024-06-27 10:44:29 +02:00
..
Makefile

Baptiste Daroussin c333758fca mac_do: add a new MAC/do policy and mdo(1) utility

This policy enables a user to become another user without having to be
root (hence no setuid binary). it is configured via rules using sysctl
security.mac.do.rules

For example:
security.mac.do.rules=uid=1001:80,gid=0:any

The above rule means the user identifier by the uid 1001 is able to
become user 80
Any user of the group 0 are allowed to become any user on the system.

The mdo(1) utility expects the MAC/do policy to be installed and its
rules defined.

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D45145

(cherry picked from commit 8aac90f18aef7c9eea906c3ff9a001ca7b94f375)

2024-06-27 10:44:29 +02:00

Makefile