From: "Vlad GALU"
To: trustedbsd-discuss@trustedbsd.org
Date: Sat, 8 Jul 2006 14:55:24 +0300
Subject: Re: Poll for users: mac_partition and mac_ifoff policies
Message-ID: <79722fad0607080455s8a5415fs49cacd23031f8cfb@mail.gmail.com>
In-Reply-To: <20060708111221.M94284@fledge.watson.org>

On 7/8/06, Robert Watson wrote:
>
> Dear all,
>
> I'm currently in the process of reviewing the use of the MAC Framework in
> FreeBSD, following meetings at the developer summit about proposed
> simplifications and enhancements. One of the on-going concerns I have had is
> that several of the policies we ship are reference implementation policies,
> rather than reference user policies:
>
> mac_ifoff       - Interface silencing
> mac_partition   - Process space partitions
> mac_stub        - Stub MAC policy entry points
> mac_test        - Invariants testing
>
> While mac_stub and mac_test are both extremely useful for developers as
> shipped, it's not clear to me that mac_ifoff and mac_partition offer
> significantly similar value, and as they are reference policies rather than
> production policies, my leaning is to provide them as downloads on the
> TrustedBSD web site and via p4, but to not ship them with FreeBSD 7.0. So
> this e-mail is to poll to see if anyone is currently using the mac_ifoff and
> mac_partition policies in production, and would object on those grounds to
> shipping them separately from the base OS.

I use mac_partition in production. However, I wouldn't mind having it
as a separate module as long as it doesn't become cumbersome to the
update (buildworld, installworld) process. In other words, I'd like
having it in sync with whatever OS branch I'm using.

>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.