History log of /freebsd-14.2/sys/modules/mac_do/Makefile (Results 1 – 1 of 1)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3, release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0, release/13.4.0, release/14.1.0
# c333758f 09-May-2024 Baptiste Daroussin <[email protected]>

mac_do: add a new MAC/do policy and mdo(1) utility

This policy enables a user to become another user without having to be
root (hence no setuid binary). it is configured via rules using sysctl
secur

mac_do: add a new MAC/do policy and mdo(1) utility

This policy enables a user to become another user without having to be
root (hence no setuid binary). it is configured via rules using sysctl
security.mac.do.rules

For example:
security.mac.do.rules=uid=1001:80,gid=0:any

The above rule means the user identifier by the uid 1001 is able to
become user 80
Any user of the group 0 are allowed to become any user on the system.

The mdo(1) utility expects the MAC/do policy to be installed and its
rules defined.

Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D45145

(cherry picked from commit 8aac90f18aef7c9eea906c3ff9a001ca7b94f375)

show more ...