From: "Robert N. M. Watson"
Subject: Re: How to bring au_to_attr(3) back to the userland?
Date: Fri, 23 Sep 2016 11:19:26 +0100
To: Konrad Witaszczyk
Cc: Mateusz Piotrowski <0mp@FreeBSD.org>, freebsd-hackers@freebsd.org, trustedbsd-discuss@freebsd.org, trustedbsd-audit@freebsd.org

On 23 Sep 2016, at 11:09, Konrad Witaszczyk wrote:

>> I guess you have two choices:
>>
>> (1) Retain existing KPIs to slightly ease merging to FreeBSD and Mac OS X; they can adopt the new in-kernel interfaces when ready.
>
> I think it won't be hard to adopt the changes in the FreeBSD kernel together
> with the changes in libbsm. Would you still consider it as an issue because of
> macOS if we fix it in FreeBSD? I don't know how important it is to their
> developers to stick with the current OpenBSM implementation.

While the kernel and userspace share code from OpenBSM in both FreeBSD and Mac OS X, it’s useful to be able to upgrade userspace without necessarily changing kernel code — e.g., if security patches are required in parsing, etc. I think it would be best to differentiate the new programming interface by giving it a new name, and keeping the existing interface, but marked to be removed at a future date. We could even discourage its use by making it #ifdef OPENBSM_DEPRECATED or such, requiring that it be explicitly enabled to be available to hint to those doing merges that it’s time to move to the new KPI.

Robert