Date: Sat, 19 Mar 2005 23:27:03 +0000 From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: freebsd-hackers@FreeBSD.org Cc: freebsd-security@FreeBSD.org Subject: RE: FreeBSD trusted execution system: beta testers wanted Message-ID: <20050319232703.GA53181@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
All Thanks for all the input. I have updated the code as per some of the comments which came in around testing. The following changes were made: -modify setfhash/getfhash to use the filename of the pathname portion. this will un break set/getfhash if it was invoked using ./ or the complete pathname. -the kernel implementation of setfhash was a bad idea. It used to use the utimes syscall. This especially caused problems with various port or source builds on NFS file systems exiting with EIO or various other errors. I replaced the kernel implementation with a sysctl, and modified the setfhash utility to use this instead. -add additional printf's to tell people where/why things went wrong. It should be noted that these printfs are only executed if the module is compiled with DEBUG set. (See the Makefile). -change Makefiles and file locations to be more consistent with the system build practices. NOTE: IF YOU HAVE ALREADY PATCHED YOUR KERNEL SKIP THE KERNEL PATCH/REBUILD cd /usr/src/sys fetch http://www.freebsd.org/~csjp/mac/mac_vnode_mmap.1106783302.diff patch < mac_vnode_mmap.1106783302.diff # REBUILD YOUR KERNEL cd /usr/src/sys/modules mkdir /usr/src/sys/modules/mac_chkexec cd /usr/src/sys/modules/mac_chkexec fetch http://www.freebsd.org/~csjp/mac/Makefile cd /usr/src/usr.sbin fetch http://www.freebsd.org/~csjp/mac/getfhash.1111165779.shar sh getfhash.1111165779.shar cd getfhash make make install make clean cd /usr/src/sys/security fetch http://www.freebsd.org/~csjp/mac/mac_chkexec.1111165827.shar sh mac_chkexec.1111165827.shar cd /usr/src/sys/modules/mac_chkexec make make install make clean -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050319232703.GA53181>