From: Robert Watson
Date: Sat, 26 Oct 2002 14:48:46 -0400 (EDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/fs/devfs devfs_vnops.c src/sys/fs/procfs procfs.c procfs.h procfs_mac.c src/sys/fs/pseudofs pseudofs.h pseudofs_vnops.c src/sys/kern kern_mac.c vfs_subr.c src/sys/modules/procfs Makefile ...

FYI to those experimenting with MAC: this breaks each policy out into
using its own extended attribute, and is pretty much the last step in
getting all policy-specific data out of the central MAC framework
(kern_mac.c, mac.h) into the policy-specific modules. There's a little
more cleanup here, but not much. If you're using persistent disk labels,
this will change the storage of those labels, and we do not currently
provide a migration path (although it might not be hard to write a
single-user mode utility to walk the file system and migrate the data to
their new extended attributes).

With this change, however, we do recommend that (wherever possible) UFS2
be used for MAC and not UFS1, as UFS1 provides weaker guarantees than
UFS2 for extended attribute modification.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

On Sat, 26 Oct 2002, Robert Watson wrote:

> rwatson     2002/10/26 07:38:24 PDT
>
>   Modified files:
>     sys/conf             files
>     sys/fs/devfs         devfs_vnops.c
>     sys/fs/procfs        procfs.c procfs.h
>     sys/fs/pseudofs      pseudofs.h pseudofs_vnops.c
>     sys/kern             kern_mac.c vfs_subr.c
>     sys/modules/procfs   Makefile
>     sys/security/mac_biba mac_biba.c
>     sys/security/mac_mls mac_mls.c
>     sys/security/mac_none mac_none.c
>     sys/security/mac_test mac_test.c
>     sys/sys              mac.h mac_policy.h
>     sys/ufs/ffs          ffs_vfsops.c
>     sys/ufs/ufs          ufs_vnops.c
>   Removed files:
>     sys/fs/procfs        procfs_mac.c
>   Log:
>   Slightly change the semantics of vnode labels for MAC: rather than
>   "refreshing" the label on the vnode before use, just get the label
>   right from inception.  For single-label file systems, set the label
>   in the generic VFS getnewvnode() code; for multi-label file systems,
>   leave the labeling up to the file system.  With UFS1/2, this means
>   reading the extended attribute during vfs_vget() as the inode is
>   pulled off disk, rather than hitting the extended attributes
>   frequently during operations later, improving performance.  This
>   also corrects semantics for shared vnode locks, which were not
>   previously present in the system.  This changes the cache
>   coherency properties WRT out-of-band access to label data, but in
>   an acceptable form.  With UFS1, there is a small race condition
>   during automatic extended attribute start -- this is not present
>   with UFS2, and occurs because EAs aren't available at vnode
>   inception.  We'll introduce a work around for this shortly.
>
>   Approved by:    re
>   Obtained from:  TrustedBSD Project
>   Sponsored by:   DARPA, Network Associates Laboratories
>
>   Revision  Changes    Path
>   1.729     +0 -1      src/sys/conf/files
>   1.54      +1 -1      src/sys/fs/devfs/devfs_vnops.c
>   1.8       +0 -1      src/sys/fs/procfs/procfs.c
>   1.45      +0 -3      src/sys/fs/procfs/procfs.h
>   1.2       +0 -68     src/sys/fs/procfs/procfs_mac.c (dead)
>   1.22      +0 -10     src/sys/fs/pseudofs/pseudofs.h
>   1.32      +0 -47     src/sys/fs/pseudofs/pseudofs_vnops.c
>   1.49      +90 -486   src/sys/kern/kern_mac.c
>   1.419     +2 -0      src/sys/kern/vfs_subr.c
>   1.28      +0 -2      src/sys/modules/procfs/Makefile
>   1.29      +120 -61   src/sys/security/mac_biba/mac_biba.c
>   1.27      +98 -61    src/sys/security/mac_mls/mac_mls.c
>   1.15      +43 -39    src/sys/security/mac_none/mac_none.c
>   1.13      +43 -40    src/sys/security/mac_test/mac_test.c
>   1.19      +9 -7      src/sys/sys/mac.h
>   1.19      +23 -24    src/sys/sys/mac_policy.h
>   1.196     +18 -0     src/sys/ufs/ffs/ffs_vfsops.c
>   1.219     +12 -15    src/sys/ufs/ufs/ufs_vnops.c