From owner-freebsd-doc@FreeBSD.ORG Mon May 19 11:54:34 2003 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C963F37B40F for ; Mon, 19 May 2003 11:54:34 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FDA043FAF for ; Mon, 19 May 2003 11:54:34 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h4JIs9On061975 for ; Mon, 19 May 2003 14:54:09 -0400 (EDT) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)h4JIs9nA061972 for ; Mon, 19 May 2003 14:54:09 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Mon, 19 May 2003 14:54:08 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: doc@FreeBSD.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: Adding new top-level section to Developer's Handbook: System Architecture? X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 May 2003 18:54:35 -0000 As part of the Network Associates Laboratories CBOSS contract with DARPA to improve FreeBSD system security, we have a task to write a FreeBSD Security Architecture. We're preparing to make the first draft of this document available -- it provides a high level view of how security services in the kernel and userland operate, talks about bullet security features, adaptation of FreeBSD security to particular tasks, etc. Right now, our thought is to make it a chapter in the Developer's Handbook. Unfortunately, it wasn't immediately clear where it should go. Today, the structure of the document is: I Basics II Inter-Process Communication III Kernel "FreeBSD Security Architecture" fits poorly into any of these categories: it's not basic, it's not IPC (although it talks a bit about IPC), and it's not strictly kernel since it talks fairly extensively about the integration of the user security elements. My first pass temptation was to change the format to be more like the following: I Basics II Inter-Process Communication III High-Level Architecture IV Kernel And stick in the secarch chapter as the (currently) sole section of III. At some point, I'd also like to copy the SMP arch document into this tree, although that's more strictly a kernel thing. I'm not sure adding a High Level Architecture section is the long term solution. The long term solution might be to break it into two books -- one on developing/debugging FreeBSD, and the other on developing/debugging on FreeBSD. Or perhaps an Architecture/design book separate from a practices and procedures book. Regardless, would anyone object to my taking the above described strategy for the time being, when I bring in the current draft? Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories