- 18 May, 2022 2 commits

Shawn Webb authored
Apparently FreeBSD's API change to NDINIT wasn't MFC'd to 13-STABLE.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
Remove old cruft.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 03 Sep, 2021 1 commit

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Reported-by: Airbus CyberSecurity SAS
issue: #2
- 27 Jun, 2021 4 commits

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
* Document strict application allow list (whitelist) mode
* Document Trusted Path Execution (TPE)
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 05 Jun, 2021 1 commit

Shawn Webb authored
The macro NAMEI_DBG_INITED doesn't exist on 12-STABLE.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 05 May, 2021 1 commit

Shawn Webb authored
This is a modified version of the rename protection patches from Airbus. While importing and testing their patches, I discovered there were a few more places that needed the same fix applied for issue #1.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Submitted-by: Airbus CyberSecurity SAS
- 04 May, 2021 1 commit

Shawn Webb authored
We need to force setting NAMEI_DBG_INITED because, being out-of-tree, we're not able to check whether INVARIANTS is enabled. When INVARIANTS is enabled, the namei function performs a KASSERT on the debug flags being set. Ideally, this would be set by calling the NDBINIT_DBG macro, but that's gated by INVARIANTS.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Reported-by: @loic
issue: #1
- 30 Apr, 2021 2 commits

Shawn Webb authored
Typo fix for secadm.8
See merge request hardenedbsd/secadm!1

Loic authored
- 09 Apr, 2021 1 commit

Shawn Webb authored
Under the right conditions, secadm may cause a kernel panic due to an SMAP violation:
1. kldload secadm
2. secadm add integriforce
3. secadm show
4. secadm flush
5. secadm add integriforce
6. secadm show <- panic here
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Reported-by: Airbus CyberSecurity SAS
Submitted-by: Airbus CyberSecurity SAS
- 21 Nov, 2020 2 commits

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
Check the proper variable when adding an Integriforce rule.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Submitted-by: Airbus CyberSecurity Engineering Team
- 04 Jan, 2020 1 commit

Shawn Webb authored
Upstream FreeBSD commit f121d45000fd1c42611ca1e54872bd4545398933 dropped the last argument from VOP_UNLOCK.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 03 Dec, 2018 1 commit

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by: SoldierX
- 02 Oct, 2017 2 commits

Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>

Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
- 14 Sep, 2017 2 commits

Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>

Oliver Pinter authored
This change introduces the prefer_acl keyword, to control the order of rule evaluation. When the prefer_acl property is set on a specific rule, it overrides the settings that come from the FS-EA based hbsdcontrol. FYI: by default, hbsdcontrol's settings override the secadm rules, since hbsdcontrol's evaluation happens after the MAC framework's check.
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
- 05 Sep, 2017 1 commit

Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>

- 30 Aug, 2017 1 commit

Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
- 20 Jul, 2017 1 commit

Shawn Webb authored
With /bin/sh, if you give it "./" as a command, it will try to execute that. This use case was not tested and could cause a kernel panic.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by: SoldierX
- 09 Jul, 2017 1 commit

Oliver Pinter authored
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>

- 01 Dec, 2016 1 commit

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 14 Nov, 2016 1 commit

Shawn Webb authored
KLD-related system calls have been hardened to disallow jailed users from seeing any KLD information.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #34

- 04 Nov, 2016 1 commit

Shawn Webb authored
It's already locked.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 21 Sep, 2016 4 commits

Shawn Webb authored
Update the manpages for Trusted Path Execution (TPE).
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
ABI changed.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
New secadm rule section: tpe.

Members of tpe:
- enable (boolean): Enable TPE
- all (boolean): Enable TPE for all users
- invert (boolean): Invert GID logic
- gid (int): The Group ID (GID) for which TPE applies

Fully-qualified example:

    secadm {
        tpe {
            enable: true,
            gid: 10,
            invert: true,
        }
    }

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Shawn Webb authored
This introduces a new command to secadm: tpe.

To enable TPE, use `secadm tpe -T`.
To disable TPE, use `secadm tpe -t`.
To set the GID, use `secadm tpe -g <gid>`.
To enforce TPE for everyone, use `secadm tpe -A`.
To invert the GID, use `secadm tpe -g`.

The GID by default is 0.

TODO:
1) Documentation
2) Support tpe in secadm.rules(5)

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 23 Aug, 2016 1 commit

Shawn Webb authored

- 11 Jun, 2016 1 commit

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
- 09 Jun, 2016 2 commits

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Submitted-by: Piotr Kubaj <pkubaj@anongoth.pl>

Shawn Webb authored
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
Submitted-by: Piotr Kubaj <pkubaj@anongoth.pl>
- 11 Apr, 2016 2 commits

Shawn Webb authored

Johannes Meixner authored

- 04 Apr, 2016 1 commit

Johannes Meixner authored
- add WITHOUT_KMOD variable for ports/hardenedbsd/secadm
- add WITHOUT_CLI variable for ports/hardenedbsd/secadm-kmod

- 26 Mar, 2016 1 commit

Olivér Pintér authored
HBSD: Correct example path