Date: Mon, 10 Jun 2019 19:17:24 +0530 From: Shivank Garg <shivank@freebsd.org> To: soc-status@freebsd.org Cc: "Bjoern A. Zeeb" <bz+soc@freebsd.org> Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail Message-ID: <CAOVCmzF75kP%2B1LpjY61n==bOuORdwE55ZS-nRA_jo8KeypXxbg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi everyone, This project is aimed at developing a loadable MAC module with the "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from. This week I did the following- * Understand and wrote TrustedBSD MAC framework bits for the mac_ipacl module. * Read the implementation of ifconfig and network modules in FreeBSD. (sys/netinet and sys/netinet6) * Checked the flow of code in the network modules(mainly in.c) by seeing printf logs. * I added MAC Framework checks in prison_check.c and tried simple tests with it. But I was going on the wrong path. So, had to check with my logic again. Do Check this project on Github: https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl FreeBSD wiki: https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail Please feel free to share your ideas and feedback on this project. Regards, Shivank Garg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOVCmzF75kP%2B1LpjY61n==bOuORdwE55ZS-nRA_jo8KeypXxbg>