1554ba03b6
This module allows controlled privilege escalation via mac labels securely associated with a process via mac_veriexec. There are over 700 PRIV_* but we can compress many of them into a single GBL_*, thus constraining the size of gbl labels. The goal is to allow a daemon to run as an unprivileged process while still being able to perform the set of privileged operations it needs. We add APIs to libveriexec so that userland processes can check labels, and an exec_script API that allows a suitably labeled process to run something like a python interpreter directly if necessary, overcoming the 'indirect' flag applied to the interpreter. Add -l option to sbin/veriexec to report labels.
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D41431
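# Autogenerated - do NOT edit!
#
# DIRDEPS lists the source directories that dirdeps.mk (included below)
# treats as build prerequisites of this directory.  Besides the common
# headers, C startup code, libc and the compiler runtime, it names
# libbearssl, libsecureboot and libveriexec, plus usr.bin/yacc.host
# (presumably the host-built yacc).
# NOTE(review): the directory that owns this file is not shown on this
# page; confirm against the tree.  Regenerate the file instead of
# hand-editing the list, since manual changes are lost on the next update.

DIRDEPS = \
	include \
	include/xlocale \
	lib/${CSU_DIR} \
	lib/libbearssl \
	lib/libc \
	lib/libcompiler_rt \
	lib/libsecureboot \
	lib/libveriexec \
	usr.bin/yacc.host \


.include <dirdeps.mk>

.if ${DEP_RELDIR} == ${_DEP_RELDIR}
# local dependencies - needed for -jN in clean tree
# (none recorded for this directory)
.endif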