From owner-freebsd-security@FreeBSD.ORG Sat Sep 9 10:19:22 2006 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EFB1516A403; Sat, 9 Sep 2006 10:19:22 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5166043D58; Sat, 9 Sep 2006 10:19:22 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id 4121A46CF8; Sat, 9 Sep 2006 06:19:21 -0400 (EDT) Date: Sat, 9 Sep 2006 11:19:21 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: stable@FreeBSD.org In-Reply-To: <20060902113521.P84468@fledge.watson.org> Message-ID: <20060909111657.F76453@fledge.watson.org> References: <20060816120709.N45647@fledge.watson.org> <20060902113521.P84468@fledge.watson.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: trustedbsd-audit@TrustedBSD.org, freebsd-security@FreeBSD.org Subject: Re: Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Sep 2006 10:19:23 -0000 On Sat, 2 Sep 2006, Robert Watson wrote: > After a couple of weeks of settling, polishing, etc, the MFC of audit > support is about to begin. Over the next couple of days, the 6-STABLE build > may be briefly broken as inter-dependent components are merged. I do not > anticipate any serious disruption, but some caution is called for. In > principle, all the potentially tricky kernel ABI dependencies, etc, were > dealt with before 6.0-RELEASE, such as changes in the size of the kernel > system call data structures. The approximate merge plan, run by re@ a few > days ago, is as follows: Just as a status update -- the vast majority of audit code has now been MFC'd to -STABLE. There are a few areas where the merge is not yet complete -- primarily as relates to non-native/emulated/compatibility system calls, and non-i386/amd64 system calls. I anticipate these being merged in the near future. We've also seen a number of problem reports relating to starting the auditd daemon, a problem not seen during testing on -CURRENT, so we're working on debugging that, and we've found some bugs in audit log rotation. I'm currently travelling for a few days, but will follow up when I get back to the UK on Tuesday on where things stand, and what (if any) further changes are in the pipeline. Once these problems are fixed, it sounds like we're well on track to ship with audit as a 6.2 (experimental) feature. thanks, Robert N M Watson Computer Laboratory University of Cambridge