Paths

Table of Contentst

Differential D47617

MAC/do: Output errors when parsing rules
Needs ReviewPublic
Actions

Authored by olce on Fri, Nov 15, 5:08 PM.

Tags

None

Referenced Files

None

Subscribers

Details

Reviewers

Summary

This revision is part of a series. Click on the Stack tab below to see the context.
This series has also been squeezed into D47633 to provide an overall view.

Commit message:
So that administrators can more easily know what the problem is with the
rules they are trying to set.

The new sysctl 'security.mac.do.print_parse_error' controls whether
trying to set sysctl 'security.mac.do.rules' with invalid rules triggers
printing of the error on the system console.

Setting jail parameters directlty reports an error to the calling
process thanks to the VFS options mechanism used by the jail machinery,
so is not controlled by the new sysctl setting.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 60608
Build 57492: arc lint + arc unit

Event Timeline

olce created this revision.Fri, Nov 15, 5:08 PM

Herald added a subscriber: imp. · View Herald TranscriptFri, Nov 15, 5:08 PM

olce requested review of this revision.Fri, Nov 15, 5:08 PM

Harbormaster completed remote builds in B60608: Diff 146550.Fri, Nov 15, 5:08 PM

olce edited the summary of this revision. (Show Details)Fri, Nov 15, 10:45 PM

olce added a parent revision: D47616: MAC/do: Support multiple users and groups as single rule's targets.Fri, Nov 15, 10:47 PM

olce added a child revision: D47618: New setcred() system call and associated MAC hooks.

olce added a reviewer: bapt.Fri, Nov 15, 10:50 PM

olce added subscribers: lwhsu, emaste.Fri, Nov 15, 10:52 PM

Revision Contents
Changeset List

Path

Size

sys/

security/

mac_do/

228 lines

Diff 146550

sys/security/mac_do/mac_do.c

Loading...