Created attachment 182693
new port shar file

Simple MAC framework policy to disable access to networking for a certain group.

Running
    kldload mac_nonet.ko
to load the kernel module. The load action requires root permissions.

Set the gid that shouldn't access the network:
    sysctl security.mac.nonet.gid=31337
and enable enforcing:
    sysctl security.mac.nonet.enabled=1

Any call to socket(2) from a user in this group will end with EPERM.

You can also select a group that can access only AF_UNIX sockets with security.mac.nonet.local_gid.

WWW: https://github.com/pbiernacki/mac_nonet

Comment on attachment 182693
new port shar file

GH_PROJECT is not needed
This is a kernel module, it should use USES=kmod

Created attachment 182921
mac_nonet.shar

GH_PROJECT is not needed---fixed
This is a kernel module, it should use USES=kmod----fixed

ping
Committed. Thanks! And once again apologies that this took so long!

A commit references this bug:

Author: tobik
Date: Mon Mar 12 07:05:25 UTC 2018
New revision: 464226
URL: https://svnweb.freebsd.org/changeset/ports/464226

Log:
  New port: sysutils/mac_nonet

  Simple MAC framework policy to disable access to networking for a certain group.

  Running
      kldload mac_nonet.ko
  to load the kernel module. The load action requires root permissions.

  Set the gid that shouldn't access the network:
      sysctl security.mac.nonet.gid=31337
  and enable enforcing:
      sysctl security.mac.nonet.enabled=1

  Any call to socket(2) from a user in this group will end with EPERM.

  You can also select a group that can access only AF_UNIX sockets with security.mac.nonet.local_gid.

  WWW: https://github.com/pbiernacki/mac_nonet

  PR: 219376
  Submitted by: amutu@amutu.com
  Reviewed by: bapt

Changes:
  head/sysutils/Makefile
  head/sysutils/mac_nonet/
  head/sysutils/mac_nonet/Makefile
  head/sysutils/mac_nonet/distinfo
  head/sysutils/mac_nonet/pkg-descr
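
A way to check from userland that the policy described in the port description is actually enforced for a given account, as an added example that is not part of the port or of mac_nonet itself. It is meant to be run as a user in the configured group; the names probe_domain and classify are hypothetical, and it assumes that a local_gid member also sees EPERM for non-AF_UNIX sockets, which the description does not state.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names for this example; not identifiers from mac_nonet. */
enum nonet_state { NONET_UNRESTRICTED, NONET_LOCAL_ONLY, NONET_BLOCKED, NONET_UNKNOWN };

/* Try to create a stream socket in `domain`; return 0 on success, else errno. */
int probe_domain(int domain)
{
    int fd = socket(domain, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Map the AF_INET and AF_UNIX probe results onto the documented behaviour. */
enum nonet_state classify(int inet_err, int unix_err)
{
    if (inet_err == 0 && unix_err == 0)
        return NONET_UNRESTRICTED;   /* policy off or caller not in either group */
    if (inet_err == EPERM && unix_err == 0)
        return NONET_LOCAL_ONLY;     /* matches security.mac.nonet.local_gid (assumed EPERM) */
    if (inet_err == EPERM && unix_err == EPERM)
        return NONET_BLOCKED;        /* matches security.mac.nonet.gid: every socket(2) fails */
    return NONET_UNKNOWN;            /* other errno (EAFNOSUPPORT, EMFILE, ...): no verdict */
}

int main(void)
{
    static const char *names[] = { "unrestricted", "AF_UNIX only", "blocked", "unknown" };
    int inet_err = probe_domain(AF_INET);
    int unix_err = probe_domain(AF_UNIX);
    enum nonet_state s = classify(inet_err, unix_err);

    printf("AF_INET errno=%d, AF_UNIX errno=%d -> %s\n", inet_err, unix_err, names[s]);
    /* Exit 0 only when the caller is restricted, so a check script can rely on it. */
    return (s == NONET_BLOCKED || s == NONET_LOCAL_ONLY) ? 0 : 1;
}
```

An "unrestricted" result for an account that should be confined usually means security.mac.nonet.enabled is still 0 or the process does not carry the expected gid.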