From owner-freebsd-current@FreeBSD.ORG  Tue Apr 25 07:26:13 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A1B2E16A400;
	Tue, 25 Apr 2006 07:26:13 +0000 (UTC) (envelope-from conrads@cox.net)
Received: from eastrmmtao03.cox.net (eastrmmtao03.cox.net [68.230.240.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DB13C43D46;
	Tue, 25 Apr 2006 07:26:12 +0000 (GMT) (envelope-from conrads@cox.net)
Received: from serene.no-ip.org ([72.200.25.154]) by eastrmmtao03.cox.net
	(InterMail vM.6.01.06.01 201-2131-130-101-20060113) with ESMTP
	id <20060425072611.GMYC15797.eastrmmtao03.cox.net@serene.no-ip.org>;
	Tue, 25 Apr 2006 03:26:11 -0400
Received: from localhost (localhost [127.0.0.1])
	by serene.no-ip.org (8.13.6/8.13.6) with ESMTP id k3P7QA8j021344;
	Tue, 25 Apr 2006 02:26:10 -0500 (CDT) (envelope-from conrads@cox.net)
Date: Tue, 25 Apr 2006 02:26:05 -0500
From: "Conrad J. Sabatier" <conrads@cox.net>
To: David Malone <dwmalone@freebsd.org>
Message-ID: <20060425022605.0f65e58c@localhost>
In-Reply-To: <200604231706.k3NH6I95038014@repoman.freebsd.org>
References: <200604231706.k3NH6I95038014@repoman.freebsd.org>
Organization: A Rag-Tag Band of Drug-Crazed Hippies
X-Mailer: Sylpheed-Claws 2.1.1 (GTK+ 2.8.17; amd64-portbld-freebsd7.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-current@freebsd.org
Subject: Re: cvs commit: src/lib/libugidfw libugidfw.3 ugidfw.c ugidfw.h
 src/sys/security/mac_bsdextended mac_bsdextended.c mac_bsdextended.h
 src/tools/regression/mac/mac_bsdextended test_matches.sh test_ugidfw.c
 src/usr.sbin/ugidfw ugidfw.8 ugidfw.c
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Apr 2006 07:26:13 -0000

On Sun, 23 Apr 2006 17:06:18 +0000 (UTC), David Malone
<dwmalone@freebsd.org> wrote:

> dwmalone    2006-04-23 17:06:18 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     lib/libugidfw        libugidfw.3 ugidfw.c ugidfw.h 
>     sys/security/mac_bsdextended mac_bsdextended.c 
>                                  mac_bsdextended.h 
>     tools/regression/mac/mac_bsdextended test_ugidfw.c 
>     usr.sbin/ugidfw      ugidfw.8 ugidfw.c 
>   Added files:
>     tools/regression/mac/mac_bsdextended test_matches.sh 
>   Log:
>   Add some new options to mac_bsdestended. We can now match on:
>   
>           subject: ranges of uid, ranges of gid, jail id
>           objects: ranges of uid, ranges of gid, filesystem,
>                   object is suid, object is sgid, object matches
> subject uid/gid object type
>   
>   We can also negate individual conditions. The ruleset language is
>   a superset of the previous language, so old rules should continue
>   to work.
>   
>   These changes require a change to the API between libugidfw and the
>   mac_bsdextended module. Add a version number, so we can tell if
>   we're running mismatched versions.
>   
>   Update man pages to reflect changes, add extra test cases to
>   test_ugidfw.c and add a shell script that checks that the the
>   module seems to do what we expect.
>   
>   Suggestions from: rwatson, trhodes
>   Reviewed by: trhodes
>   MFC after: 2 months
>   
>   Revision  Changes    Path
>   1.8       +0 -10     src/lib/libugidfw/libugidfw.3
>   1.11      +729 -167  src/lib/libugidfw/ugidfw.c
>   1.5       +0 -3      src/lib/libugidfw/ugidfw.h
>   1.29      +158 -25
> src/sys/security/mac_bsdextended/mac_bsdextended.c 1.6       +52
> -10    src/sys/security/mac_bsdextended/mac_bsdextended.h 1.1
> +167 -0    src/tools/regression/mac/mac_bsdextended/test_matches.sh
> (new) 1.3       +50 -8
> src/tools/regression/mac/mac_bsdextended/test_ugidfw.c 1.9       +195
> -44   src/usr.sbin/ugidfw/ugidfw.8 1.6       +1 -0
> src/usr.sbin/ugidfw/ugidfw.c

Something seems to have been broken by this commit:


===> usr.sbin/ugidfw (all)
cc -O2 -fno-strict-aliasing -pipe -DNO_MALLOC_EXTRAS -O3 -pipe
-funit-at-a-time -fno-strict-aliasing -ffast-math -march=athlon64
-c /usr/src/usr.sbin/ugidfw/ugidfw.c
In file included from
/usr/src/usr.sbin/ugidfw/ugidfw.c:40: /usr/obj/usr/src/tmp/usr/include/security/mac_bsdextended/mac_bsdextended.h:104:
error: field `mbo_fsid' has incomplete type *** Error code 1

Stop in /usr/src/usr.sbin/ugidfw.

(amd64, 7.0-CURRENT)

-- 
Conrad J. Sabatier <conrads@cox.net> -- "In Unix veritas"