mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-26 10:53:39 +01:00
8aac90f18a
This policy enables a user to become another user without having to be root (hence no setuid binary). it is configured via rules using sysctl security.mac.do.rules For example: security.mac.do.rules=uid=1001:80,gid=0:any The above rule means the user identifier by the uid 1001 is able to become user 80 Any user of the group 0 are allowed to become any user on the system. The mdo(1) utility expects the MAC/do policy to be installed and its rules defined. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D45145
7 lines
101 B
Makefile
7 lines
101 B
Makefile
.PATH: ${SRCTOP}/sys/security/mac_do
|
|
|
|
KMOD= mac_do
|
|
SRCS= mac_do.c vnode_if.h
|
|
|
|
.include <bsd.kmod.mk>
|