kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/sysutils/mac_nonet/distinfo
Tobias Kortkamp 6e0e67131f New port: sysutils/mac_nonet 
Simple MAC framework policy to disable access to networking for
certain group.  Running kldload mac_nonet.ko to load the kernel
module.  The load action require root permissions.

Set gid that shouldn't access the network:
    sysctl security.mac.nonet.gid=31337
and enable enforcing:
     sysctl security.mac.nonet.enabled=1

Any call to socket(2) from user in this group will end with EPERM.
You can also select group that can access only AF_UNIX sockets with
security.mac.nonet.local_gid.

WWW: https://github.com/pbiernacki/mac_nonet

PR:		219376
Submitted by:	amutu@amutu.com
Reviewed by:	bapt
2018-03-12 07:05:24 +00:00

3 lines
213 B
Text
Raw Blame History

TIMESTAMP = 1495107566
SHA256 (pbiernacki-mac_nonet-g20150821-f7e008a_GH0.tar.gz) = 996281aa2e26528cbc4c265101e5f3996958cc816cb3434d412c5b6f51df6604
SIZE (pbiernacki-mac_nonet-g20150821-f7e008a_GH0.tar.gz) = 1862
Reference in a new issue View git blame Copy permalink