Date: Mon, 24 Jun 2019 19:51:20 +0530 From: Shivank Garg <shivank@freebsd.org> To: soc-status@freebsd.org, "Bjoern A. Zeeb" <bz+soc@freebsd.org> Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail Message-ID: <CAOVCmzGc3V_9RjfLmNYi3iz4tPMyjncTHt3F05h5V0kAinoSmA@mail.gmail.com>
index | next in thread | raw e-mail
Hi everyone! This project is aimed at developing a loadable MAC module with the "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from. This week I made the following progress- * Added sysctl interface to the mac_ipacl module to allow/disallow IPv4/6 address to jail. * Added design notes for the policy structure of the new module * Tested the mac_ipacl module with tests script and added more tests to them. Currently, I am- * converting the policy into data structure * looking into the code ipfw/pf to get the idea about passing the rules. * looking into atf to integrate it with my test shell scripts. Do Check this project on Github: https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl FreeBSD wiki: https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail Please feel free to share your ideas and feedback on this project. Regards, Shivank Garghome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOVCmzGc3V_9RjfLmNYi3iz4tPMyjncTHt3F05h5V0kAinoSmA>