Date: Sat, 19 Mar 2005 23:27:03 +0000
From: "Christian S.J. Peron"
To: freebsd-hackers@FreeBSD.org
cc: freebsd-security@FreeBSD.org
Subject: RE: FreeBSD trusted execution system: beta testers wanted
Message-ID: <20050319232703.GA53181@freefall.freebsd.org>

All,

Thanks for all the input. I have updated the code as per some of the
comments which came in around testing. The following changes were made:

- modify setfhash/getfhash to use the filename of the pathname portion.
  This will unbreak set/getfhash if it was invoked using ./ or the
  complete pathname.

- the kernel implementation of setfhash was a bad idea. It used to use
  the utimes syscall. This especially caused problems with various port
  or source builds on NFS file systems exiting with EIO or various other
  errors. I replaced the kernel implementation with a sysctl, and
  modified the setfhash utility to use this instead.

- add additional printf's to tell people where/why things went wrong.
  It should be noted that these printfs are only executed if the module
  is compiled with DEBUG set. (See the Makefile).

- change Makefiles and file locations to be more consistent with the
  system build practices.

NOTE: IF YOU HAVE ALREADY PATCHED YOUR KERNEL SKIP THE KERNEL PATCH/REBUILD

    cd /usr/src/sys
    fetch http://www.freebsd.org/~csjp/mac/mac_vnode_mmap.1106783302.diff
    patch < mac_vnode_mmap.1106783302.diff
    # REBUILD YOUR KERNEL

    cd /usr/src/sys/modules
    mkdir /usr/src/sys/modules/mac_chkexec
    cd /usr/src/sys/modules/mac_chkexec
    fetch http://www.freebsd.org/~csjp/mac/Makefile

    cd /usr/src/usr.sbin
    fetch http://www.freebsd.org/~csjp/mac/getfhash.1111165779.shar
    sh getfhash.1111165779.shar
    cd getfhash
    make
    make install
    make clean

    cd /usr/src/sys/security
    fetch http://www.freebsd.org/~csjp/mac/mac_chkexec.1111165827.shar
    sh mac_chkexec.1111165827.shar
    cd /usr/src/sys/modules/mac_chkexec
    make
    make install
    make clean

-- 
Christian S.J. Peron
csjp@FreeBSD.ORG
FreeBSD Committer
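
Added example, not part of the original mail and not taken from the getfhash sources: a sketch of the first change in the list above, showing why matching the full invocation string fails for ./ or absolute-path invocations and how matching only the filename portion fixes it. It assumes one binary installed under both names that selects its mode from argv[0]; the function and enum names are hypothetical.

```c
/* Illustration only. Assumption: a single binary installed as both
 * "getfhash" and "setfhash" that picks its mode from its invocation name. */
#include <stdio.h>
#include <string.h>

enum fhash_mode { MODE_UNKNOWN, MODE_GET, MODE_SET };

/* Broken form: compares the whole argv[0], so "./setfhash" never matches. */
static enum fhash_mode
mode_naive(const char *argv0)
{
	if (argv0 == NULL)
		return (MODE_UNKNOWN);
	if (strcmp(argv0, "getfhash") == 0)
		return (MODE_GET);
	if (strcmp(argv0, "setfhash") == 0)
		return (MODE_SET);
	return (MODE_UNKNOWN);
}

/* Fixed form: look only at the component after the last '/'. */
static enum fhash_mode
mode_from_argv0(const char *argv0)
{
	const char *name;

	if (argv0 == NULL)	/* a caller may exec with an empty argv */
		return (MODE_UNKNOWN);
	name = strrchr(argv0, '/');
	name = (name != NULL) ? name + 1 : argv0;
	return (mode_naive(name));
}

int
main(void)
{
	/* Constructed invocation names covering the cases in the mail. */
	const char *samples[] = { "setfhash", "./setfhash",
	    "/usr/sbin/getfhash", "/usr/sbin/" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-20s naive=%d fixed=%d\n", samples[i],
		    mode_naive(samples[i]), mode_from_argv0(samples[i]));
	return (0);
}
```

An unrecognised or missing name maps to MODE_UNKNOWN so the caller can refuse to run rather than default to writing a hash.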