From owner-trustedbsd-cvs@FreeBSD.ORG Thu Nov 2 15:50:54 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A8C516A4CA for ; Thu, 2 Nov 2006 15:50:54 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C96043D8B for ; Thu, 2 Nov 2006 15:49:57 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 3BA2246E79 for ; Thu, 2 Nov 2006 10:49:56 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id C18D354E5D; Thu, 2 Nov 2006 15:43:30 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id B2BA316A4E0; Thu, 2 Nov 2006 15:43:25 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5221A16A4C8 for ; Thu, 2 Nov 2006 15:43:25 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 016F943D6D for ; Thu, 2 Nov 2006 15:43:19 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kA2FhBO5086526 for ; Thu, 2 Nov 2006 15:43:11 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kA2FhBQZ086521 for perforce@freebsd.org; Thu, 2 Nov 2006 15:43:11 GMT (envelope-from millert@freebsd.org) Date: Thu, 2 Nov 2006 15:43:11 GMT Message-Id: <200611021543.kA2FhBQZ086521@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 109042 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Nov 2006 15:50:54 -0000 http://perforce.freebsd.org/chv.cgi?CH=109042 Change 109042 by millert@millert_g5tower on 2006/11/02 15:42:24 Don't reference documents not shipped as part of sedarwin. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/README#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/README#4 (text+ko) ==== @@ -1,4 +1,4 @@ -Port of TrustedBSD MAC Framework to Darwin 8.6 +Port of TrustedBSD MAC Framework to Darwin 8.7 SPARTA, Inc 7110 Samuel Morse Drive @@ -44,7 +44,7 @@ appropriate for use in production environments. The following modifications have been made relative to Apple's Darwin -10.4.7 release: +8.7 release: - Inclusion of a subset of the MAC Framework entry points to provide label support and protection of files, processes, System V @@ -138,10 +138,6 @@ generated in a more intelligent way. In the future, would like to provide additional automatic policy generation through the use of these tags. - - The MAC Framework API documentation has been updated; documentation is - available in the docs/Framework/html/directory. - - New Features in the 20060929 release ===================================== @@ -248,17 +244,6 @@ - kernel symbol printing has been reenabled. - - Improved documentation has been included. In particular, - updates were made to the Design and Implementation document, the - Policy Module Writing guide, and man pages. A new document - (ISSO-06-008-Boot.pdf) discusses Boot time improvements made, their - interaction with the MAC Framework and sample policies with respect to - boot integrity. - - - The MAC Framework API documentation has been updated; - documentation is available in the docs/Framework/html/ - directory. - - The ERRATA has the current list of defects. @@ -351,14 +336,8 @@ required to include mac.h - Improved documentation has been included. In particular, - updates were made to the Design and Implementation document, the - Policy Module Writing guide, the Testing guide, and the set of - man pages. + updates were made to the man pages. - - The MAC Framework API documentation has been updated; - documentation is available in the docs/Framework/html/ - directory. - - Some defects that were causing instabilities in the MAC Framework and MLS policy has been fixed. See ERRATA for the current list of defects. @@ -371,9 +350,6 @@ and MLS policy has been fixed. See ERRATA for the current list of defects. - - There are changes in the testbed and detailed instructions can be - found in docs/TestingMacFramework.pdf - New Features in the 20051223 release ===================================== @@ -503,20 +479,7 @@ further automate some of the steps that must be done manually when using the tarfile installation method. - - New and improved documentation has been included. In particular, - a new guide detailing the Design and Implementation of MAC on Darwin 8, - an updated Policy Module Writing guide, Testing guide and man pages - for all MAC Framework APIs has been completed. - - The MAC Framework API documentation has been updated; - documentation is available in the docs/Framework/html/ - directory. - - - Two Review documents have been completed and are included in - this release. The Application Review and the IOKit Review - reports are available in the docs/review directory. - - New Features in the 20050930 release ==================================== @@ -560,16 +523,7 @@ - The documentation has been improved. In particular, man pages for all MAC Framework APIs has been completed. - - The MAC Framework API documentation has been updated; - documentation is available in the docs/Framework/html/ - directory. - - Three Review documents have been completed and are included in - this release. The Framework Review, the System Boot Review, and - the KEXT Review reports are available in the docs/review - directory. - - New Features in the 20050630 release ==================================== @@ -646,12 +600,6 @@ mac_create_sysv_sema -> mac_create_sysv_sem mac_cleanup_sysv_sema -> mac_cleanup_sysv_sem - - This release includes the results of the investigation into - distributed file systems. A paper summarizing the results is - available as docs/isso-05-0001-DFS.pdf and a prototype - implementation (using NFS) is available in the src/nfssuite - directory. - - The kernel was modified to provide support for login contexts; a login context is used to associate both windowed non-graphical applications with a single user-facing session. In a future @@ -688,17 +636,9 @@ access control for Mach IPC. Prototype modifications to the MLS policy to control information flow via Mach IPC. - - Two documents summarizing the results of experimentation with - applications making extensive use of Mach IPC describing how - Mach IPC is used, and the potential impact on mandatory access - control. The two CMW papers are available in the docs - directory, named 'cmw-like-security.pdf' and 'MLS-usage.pdf'. - - Additional maturing in VFS security; in particular, vn_read, vn_write, and vn_rdwr access controls were changed. - - Documentation for all supported MAC Framework entry points is - available in the docs/Framework/html/ directory. New Features in Drop 5 ====================== @@ -716,10 +656,6 @@ the intent that the build system use consistently uses only the GNU format. - - Additional documentation on the test framework and on CMW-like - access controls for Apple OS X is nearly complete and will be - separately shipped. - New Features in Drop 4 ====================== @@ -774,9 +710,7 @@ ====================== - Mach IPC tracing facility - The 'ipctrace' policy module causes - the system to store a log of how IPC is used in Darwin. More - information on ipctrace can be found in docs/ipctrace.txt. - Some example results are also included in examples/ipctrace. + the system to store a log of how IPC is used in Darwin. - System V IPC controls and labelling - Darwin's implementation of System V shared memory and semaphore arrays was extended to @@ -786,13 +720,11 @@ - Updates to SEDarwin - The SEDarwin policy module was extended to support System V IPC security. The supplied policy permits IPC - only between programs running in the same domain. More - information on the sedarwin module is available in docs/sedarwin.txt. + only between programs running in the same domain. - MLS (Multi-Level Security) policy module - We have ported the TrustedBSD MLS policy module to the Darwin security - framework. More information on the macmls module is available - in docs/macmls.txt. + framework. - Updates to the mactest policy module - We have made improvements to the mactest module so that it now supports additional entry @@ -841,13 +773,12 @@ ================== Instructions for building this system may be found in the -src/dsep-install.txt and src/dsep-install-gui.txt files included -with the release. The build instructions include references to -specific versions of Apple-provided operating system software and -tools; this release is unlikely to work correctly with any other -revisions of Apple's software, and may behave incorrectly, resulting -in system failure and/or data loss. The preferred system setup -procedures are documented in docs/system-setup.txt. +sefos-install.txt file included with the release. The build +instructions include references to specific versions of Apple-provided +operating system software and tools; this release is unlikely to +work correctly with any other revisions of Apple's software, and +may behave incorrectly, resulting in system failure and/or data +loss. Policy Module Support