- 02 May, 2021 1 commit
-
-
Loic authored
Added a sysctl control to prevent the system from crashing. See the bug #1
Signed-off-by: Loic <loic.f@hardenedbsd.org>
-
- 30 Apr, 2021 2 commits
-
-
Shawn Webb authored
Typo fix for secadm.8
See merge request !1
-
Loic authored
-
- 09 Apr, 2021 1 commit
-
-
Shawn Webb authored
Under the right conditions, secadm may cause a kernel panic due to an SMAP violation:
    1. kldload secadm
    2. secadm add integriforce
    3. secadm show
    4. secadm flush
    5. secadm add integriforce
    6. secadm show <- panic here
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Reported-by: Airbus CyberSecurity SAS
Submitted-by: Airbus CyberSecurity SAS
-
- 21 Nov, 2020 2 commits
-
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
Shawn Webb authored
Check the proper variable when adding an Integriforce rule.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Submitted-by: Airbus CyberSecurity Engineering Team
-
- 04 Jan, 2020 1 commit
-
-
Shawn Webb authored
Upstream FreeBSD commit f121d45000fd1c42611ca1e54872bd4545398933 dropped the last argument from VOP_UNLOCK.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
- 03 Dec, 2018 1 commit
-
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by: SoldierX
-
- 02 Oct, 2017 2 commits
-
-
Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
-
Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
-
- 14 Sep, 2017 2 commits
-
-
Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
-
Oliver Pinter authored
This change introduces the prefer_acl keyword, to control the order of rule evaluation. When the prefer_acl property is set on a specific rule, it overrides the settings that come from the FS-EA based hbsdcontrol. FYI: by default, hbsdcontrol's settings override the secadm rules, since hbsdcontrol's evaluation is after the MAC framework's check.
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
-
- 05 Sep, 2017 1 commit
-
-
Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
-
- 30 Aug, 2017 1 commit
-
-
Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
-
- 20 Jul, 2017 1 commit
-
-
Shawn Webb authored
With /bin/sh, if you give it "./" as a command, it will try to execute that. This use case was not tested and could cause a kernel panic.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by: SoldierX
-
- 09 Jul, 2017 1 commit
-
-
Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
-
- 01 Dec, 2016 1 commit
-
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
- 14 Nov, 2016 1 commit
-
-
Shawn Webb authored
KLD-related system calls have been hardened to disallow jailed users from seeing any KLD information.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #34
-
- 04 Nov, 2016 1 commit
-
-
Shawn Webb authored
It's already locked.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
- 21 Sep, 2016 4 commits
-
-
Shawn Webb authored
Update the manpages for Trusted Path Execution (TPE).
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
Shawn Webb authored
ABI changed.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
Shawn Webb authored
New secadm rule section: tpe.
Members of tpe:
    - enable (boolean): Enable TPE
    - all (boolean): Enable TPE for all users
    - invert (boolean): Invert GID logic
    - gid (int): The Group ID (GID) for which TPE applies
Fully-qualified example:
    secadm {
        tpe {
            enable: true,
            gid: 10,
            invert: true,
        }
    }
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
Shawn Webb authored
This introduces a new command to secadm: tpe.
To enable TPE, use `secadm tpe -T`.
To disable TPE, use `secadm tpe -t`.
To set the GID, use `secadm tpe -g <gid>`.
To enforce TPE for everyone, use `secadm tpe -A`.
To invert the GID, use `secadm tpe -g`.
The GID by default is 0.
TODO:
    1) Documentation
    2) Support tpe in secadm.rules(5)
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
- 23 Aug, 2016 1 commit
-
-
Shawn Webb authored
-
- 11 Jun, 2016 1 commit
-
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
- 09 Jun, 2016 2 commits
-
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Submitted-by: Piotr Kubaj <pkubaj@anongoth.pl>
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Submitted-by: Piotr Kubaj <pkubaj@anongoth.pl>
-
- 11 Apr, 2016 2 commits
-
-
Shawn Webb authored
-
Johannes Meixner authored
-
- 04 Apr, 2016 1 commit
-
-
Johannes Meixner authored
    - add WITHOUT_KMOD variable for ports/hardenedbsd/secadm
    - add WITHOUT_CLI variable for ports/hardenedbsd/secadm-kmod
-
- 26 Mar, 2016 2 commits
-
-
Olivér Pintér authored
HBSD: Correct example path
-
Johannes Meixner authored
    * leave `all` target unchanged
    * check if CLI is defined for ports/hardenedbsd/secadm
    * check if KMOD is defined for ports/hardenedbsd/secadm-kmod
-
- 07 Mar, 2016 5 commits
-
-
Shawn Webb authored
While here, remove code that shouldn't have been. Only rules that are protected by Integriforce should prevent modification. Files with PaX rules can still be modified. Only allow deletion of Integriforce-protected files or files with PaX rules if the rule pertaining to that file is disabled. Under no circumstance, allow deletion of files under Integriforce in whitelist mode.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #10
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #28
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #28
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #28
-
- 05 Mar, 2016 3 commits
-
-
Shawn Webb authored
-
Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #28
-
Shawn Webb authored
Specify which flags are available for pax rules. Add more information regarding Integriforce and whitelist mode.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #28
-