Date: Wed, 31 Jul 2002 00:36:09 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Cc: developers@FreeBSD.org Subject: Re: HEADS UP: TrustedBSD MAC supporting going into the 5.0 HEAD Message-ID: <Pine.NEB.3.96L.1020731003113.52927F-100000@fledge.watson.org> In-Reply-To: <Pine.NEB.3.96L.1020730174825.52927A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Ok, well, I committed the following:
- include files (mac.h, mac_policy.h)
- basic MAC framework (kern_mac.c)
- label management for several key types of system objects, including
mbufs, creds, vnodes, mountpoints, sockets
I'll start up again tomorrow morning and bring in:
- management for more network objects
- management for pipes
- access control for managed objects
I'll also bring in several sample policies, including:
- mac_mls, mac_biba, mac_seeotheruids, mac_bsdextended (uid/gid-based file
system firewall)
Finally, I'll start on the userland code:
- libc MAC extensions
- libugidfw
- userland tools such as ugidfw, {get,set}[fp]mac(8), setusercontext
extensions
I believe that the system currently builds, but I haven't finished a
buildworld with the current set of patches. Certainly all the compile
tests I've been doing seem OK. If there is build breakage in userland,
it's probably because of header leakage from including kernel headers.
In any case, will get started again first thing tomorrow morning.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Network Associates Laboratories
On Tue, 30 Jul 2002, Robert Watson wrote:
>
> I've just committed some of the supporting infrastructure files to the
> main kernel tree. Right now, not much is hooked up to the build, but over
> the next couple of hours, I'll start to hook things up. If you catch the
> tree at a poor moment during the commit process, it probably won't build
> very well, and if it does, you may be very sorry. Hopefully not too
> sorry, since almost all the MAC code is conditionally compiled based on
> "options MAC" and therefore this shouldn't have much if any impact for
> GENERIC, but the risk exists. I'll send out a follow-up message when I'm
> done merging.
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org Network Associates Laboratories
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020731003113.52927F-100000>