Re: cvs commit: src/lib/libugidfw libugidfw.3 ugidfw.c ugidfw.h src/sys/security/mac_bsdextended mac_bsdextended.c mac_bsdextended.h src/tools/regression/mac/mac_bsdextended test_matches.sh test_ugidfw.c src/usr.sbin/ugidfw ugidfw.8 ugidfw.c

From: Conrad J. Sabatier <conrads_at_cox.net> Date: Tue, 25 Apr 2006 02:26:05 -0500 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:55 UTC

On Sun, 23 Apr 2006 17:06:18 +0000 (UTC), David Malone
<dwmalone_at_freebsd.org> wrote:

> dwmalone    2006-04-23 17:06:18 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     lib/libugidfw        libugidfw.3 ugidfw.c ugidfw.h 
>     sys/security/mac_bsdextended mac_bsdextended.c 
>                                  mac_bsdextended.h 
>     tools/regression/mac/mac_bsdextended test_ugidfw.c 
>     usr.sbin/ugidfw      ugidfw.8 ugidfw.c 
>   Added files:
>     tools/regression/mac/mac_bsdextended test_matches.sh 
>   Log:
>   Add some new options to mac_bsdestended. We can now match on:
>   
>           subject: ranges of uid, ranges of gid, jail id
>           objects: ranges of uid, ranges of gid, filesystem,
>                   object is suid, object is sgid, object matches
> subject uid/gid object type
>   
>   We can also negate individual conditions. The ruleset language is
>   a superset of the previous language, so old rules should continue
>   to work.
>   
>   These changes require a change to the API between libugidfw and the
>   mac_bsdextended module. Add a version number, so we can tell if
>   we're running mismatched versions.
>   
>   Update man pages to reflect changes, add extra test cases to
>   test_ugidfw.c and add a shell script that checks that the the
>   module seems to do what we expect.
>   
>   Suggestions from: rwatson, trhodes
>   Reviewed by: trhodes
>   MFC after: 2 months
>   
>   Revision  Changes    Path
>   1.8       +0 -10     src/lib/libugidfw/libugidfw.3
>   1.11      +729 -167  src/lib/libugidfw/ugidfw.c
>   1.5       +0 -3      src/lib/libugidfw/ugidfw.h
>   1.29      +158 -25
> src/sys/security/mac_bsdextended/mac_bsdextended.c 1.6       +52
> -10    src/sys/security/mac_bsdextended/mac_bsdextended.h 1.1
> +167 -0    src/tools/regression/mac/mac_bsdextended/test_matches.sh
> (new) 1.3       +50 -8
> src/tools/regression/mac/mac_bsdextended/test_ugidfw.c 1.9       +195
> -44   src/usr.sbin/ugidfw/ugidfw.8 1.6       +1 -0
> src/usr.sbin/ugidfw/ugidfw.c

Something seems to have been broken by this commit:

===> usr.sbin/ugidfw (all)
cc -O2 -fno-strict-aliasing -pipe -DNO_MALLOC_EXTRAS -O3 -pipe
-funit-at-a-time -fno-strict-aliasing -ffast-math -march=athlon64
-c /usr/src/usr.sbin/ugidfw/ugidfw.c
In file included from
/usr/src/usr.sbin/ugidfw/ugidfw.c:40: /usr/obj/usr/src/tmp/usr/include/security/mac_bsdextended/mac_bsdextended.h:104:
error: field `mbo_fsid' has incomplete type *** Error code 1

Stop in /usr/src/usr.sbin/ugidfw.

(amd64, 7.0-CURRENT)

-- 
Conrad J. Sabatier <conrads_at_cox.net> -- "In Unix veritas"