Date: Tue, 28 Feb 2006 14:28:06 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 92530 for review
Message-ID: <200602281428.k1SES6aR030799@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=92530

Change 92530 by rwatson@rwatson_peppercorn on 2006/02/28 14:27:11

	Update history, install notes, credits for upcoming OpenBSM 1.0
	alpha 5. Before release, I'll integrate, merge, and test with
	audit3 to make sure the fairly heavy set of changes to add
	portability doesn't disrupt FreeBSD support.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/HISTORY#2 edit
.. //depot/projects/trustedbsd/openbsm/README#16 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/HISTORY#2 (text+ko) ====
@@ -1,3 +1,33 @@ +OpenBSM 1.0 alpha 5 + +- Update install notes to indicate /etc files are to be installed manually. +- On systems without LOG_SECURITY, use LOG_AUTH. +- Convert to autoconf/automake in order to move to a more portable (not + BSD-specific) build infrastructure, and more easy conditional building of + components. Currently, the primary feature loss is that automake does + not have native support for manual symlinks. This will be addressed in a + future OpenBSM release. +- Add compat/queue.h, to be used on systems dated BSD queue macro libraries + (as found on Linux). +- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the + existing conventions for a CHANGELOG. +- Some private data structures moved from audit.h to audit_internal.h to + prevent inappropriate use by applications and name space pollution. +- Improved detection and use of endian macros using autoconf. +- Avoid non-portable use of struct in6_addr, which is largely opaque. +- Avoid leaking BSD kernel socket related token code to user space in + bsm_token.c. +- Teach System V IPC calls to look for Linux naming variations for certain + struct ipc_perm fields. +- Test for audit system calls, and if not present, don't build + bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on + those system calls. +- au_close() is not implemented on systems that don't have audit system + calls, but au_close_buffer() is. +- Work around missing BSDisms in bsm_wrapper.c. +- Fix nested includes so including libbsm.h in an application on Linux + picks up the necessary definitions. + OpenBSM 1.0 alpha 4 - Remove "audit" user example from audit_user, as it's not present on most @@ -94,4 +124,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#1 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#2 $ ==== //depot/projects/trustedbsd/openbsm/README#16 (text+ko) ==== 
@@ -25,30 +25,34 @@ Building -OpenBSM is currently built using a series of BSD make files which should -work on both FreeBSD and Darwin. One known issue is that versions of -Darwin prior to 10.3.8 have a nested include of "sys/audit.h" from -"sys/proc.h", which can result in type definition conflicts. If running -with include files from an earlier version of Darwin, the nested include -must be manually removed in order that libbsm can be built, due to -potentially conflicting types resulting from an include of "sys/sysctl.h" -by that file. On Darwin, the use of BSD make must be specified explicitly -by using "bsdmake" rather than "make", which on Darwin refers to GNU make. -Typical invocations from the OpenBSM tree root: +OpenBSM is currently built using autoconf and automake, which should allow +for building on a range of operating systems, including FreeBSD, Mac OS X, +and Linux. Depending on the availability of audit facailities in the +underlying operating system, some components that depend on kernel audit +support are built conditionally. Typically, build will be performed using + + ./configure + make -FreeBSD +To install, use: - % make - # make install + make install -Darwin +You may wish to specify that the OpenBSM components not be installed in the +base system, rather in a specific directory. This may be done using the +--prefix argument to configure. If installing to a specific directory, +remember to update your library path so that running tools from that +directory the correct libbsm is used: - % bsdmake - # bsdmake install + ./configure --prefix=/home/rwatson/openbsm + make + make install + LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH -In both cases, you will need to manually propagate openbsm/etc/* into /etc -on your system; this is not done automatically so as to avoid disrupting -the current configuration. 
+You will need to manually propagate openbsm/etc/* into /etc on your system; +this is not done automatically so as to avoid disrupting the current +configuration. Currently, the locations of these files is not +configurable. Credits @@ -69,6 +73,7 @@ Christian Brueffer Olivier Houchard Christian Peron + Martin Fong In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel Software's FlexeLint tool were used to identify a number of bugs in the @@ -90,4 +95,4 @@ http://www.TrustedBSD.org/ -$P4: //depot/projects/trustedbsd/openbsm/README#15 $ +$P4: //depot/projects/trustedbsd/openbsm/README#16 $
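Review bot: In the HISTORY hunk (@@ -1,3 +1,33 @@), the entry "Work around missing BSDisms in bsm_wrapper.c" names a different file from the earlier entry, which lists bsm_wrappers.c among the components not built when audit system calls are absent; use one spelling. In the same hunk, "to be used on systems dated BSD queue macro libraries" is missing a word (presumably "systems with dated"), and "more easy conditional building" reads better as "easier conditional building". The au_close()/au_close_buffer() entry should also say what an application sees when it calls au_close() on a system without audit system calls (an absent symbol, or a stub that returns an error), since that is the detail a porter needs.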
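Review bot: In the README "Building" hunk (@@ -25,30 +25,34 @@), the --prefix example sets LD_LIBRARY_PATH to /home/rwatson/openbsm/libbsm, which replaces any existing value instead of extending it and points at a libbsm subdirectory of the prefix; please confirm that is where "make install" places the library for that prefix, since an automake install normally uses the prefix's lib directory. The closing paragraph says the locations of the /etc files are not configurable, so the --prefix paragraph should state that a prefix install still takes its configuration from /etc. The removed text's warning about the nested "sys/audit.h" include on Darwin prior to 10.3.8 is dropped without a replacement; if it still applies to the Mac OS X build, carry it over. Wording to fix in the added lines: "facailities", "so that running tools from that directory the correct libbsm is used", and "the locations of these files is".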