path: root/sysutils/mac_nonet/pkg-descr
blob: 348c2b88068574162d63ae4dae4f342392ed26c2
                                                                   
Simple MAC framework policy that disables access to networking for a
certain group.  Run kldload mac_nonet.ko to load the kernel module.
Loading the module requires root permissions.

Set the gid that shouldn't access the network:
    sysctl security.mac.nonet.gid=31337
and enable enforcement:
    sysctl security.mac.nonet.enabled=1

Any call to socket(2) from a user in this group will fail with EPERM.
You can also select a group that can access only AF_UNIX sockets with
security.mac.nonet.local_gid.

WWW: https://github.com/pbiernacki/mac_nonet