Date: Thu, 6 May 2004 13:25:04 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 52373 for review Message-ID: <200405062025.i46KP4G9090490@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=52373 Change 52373 by rwatson@rwatson_tislabs on 2004/05/06 13:24:50 Add "Prototype" to name. List a few more features present in the feature list. Some reformatting and spell checking. Affected files ... .. //depot/projects/trustedbsd/sedarwin73/README#5 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin73/README#5 (text+ko) ==== @@ -1,21 +1,22 @@ -SEDarwin - Security-Enhanced Darwin +SEDarwin - Security-Enhanced Darwin Prototype Andrew Reisse (areisse@nailabs.com) Chris Vance (cvance@nailabs.com) Robert Watson (rwatson@nailabs.com) -McAfee Research (division of McAfee Inc.) +McAfee Research -This is a port of our original Darwin 6.8 based implementation, -to Darwin version 7.3 (MacOSX 10.3.3). It includes the security framework, -a test policy module, a port of the SElinux type enforcement -policy module, file labelling tools, and extended attribute tools. Also -included are modified versions of ps and ls for viewing labels. +This is a port of our original Darwin 6.8 implementation to Darwin version +7.3 (MacOSX 10.3.3). It includes HFS extended attributes, the MAC +Framework, a test policy module, a port of the SELinux type enforcement +policy module, SELinux policy tools, file labeling tools, and extended +attribute tools. Modified versions of the ls and ps commands capable of +viewing labels are also included. -SEDarwin is compatible with Apple MacOSX 10.3.3 build 7F44 systems. -(To check the build number of a running system, select "About this Mac" -from the apple menu, then click on the "Version 10.3.3" text in the -dialog that appears.) +SEDarwin is compatible with Apple MacOSX 10.3.3 build 7F44 systems. (To +check the build number of a running system, select "About this Mac" from +the Apple Menu, then click on the "Version 10.3.3" text in the dialog that +appears.) Package Layout: bootstrap_instructions.txt Instructions for building and installing @@ -33,14 +34,18 @@ export (created) Location of build results Usage: -Following the build instructions will yield a system with sedarwin installed, -and the sample TE policy configured. To test some functionality, enable -enforcing mode by running "sudo nvram kenv_sebsd_enforce=1" from the shell -(by default, the TE module runs in permissive mode, logging + +Following the build instructions will yield a system with sedarwin +installed, and the sample TE policy configured. To test some +functionality, enable enforcing mode by running: + + sudo nvram kenv_sebsd_enforce=1 + +from the shell (by default, the TE module runs in permissive mode, logging access control failures but not enforcing them) and set some file labels. TE labels are of the form user:role:type. When passed to or from the -system, labels begin with the name of the policy module (in this case, -sebsd). Objects use the object_r "role". +system, labels begin with the name of the policy module (in this case, +sebsd). Objects use the object_r "role". $ getpmac sebsd/andrew:user_r:user_d
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405062025.i46KP4G9090490>