Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 23 Sep 2016 11:19:26 +0100
From:      "Robert N. M. Watson" <rwatson@FreeBSD.org>
To:        Konrad Witaszczyk <def@freebsd.org>
Cc:        Mateusz Piotrowski <0mp@FreeBSD.org>, freebsd-hackers@freebsd.org, trustedbsd-discuss@freebsd.org, trustedbsd-audit@freebsd.org
Subject:   Re: How to bring au_to_attr(3) back to the userland?
Message-ID:  <A520AC96-87F7-4282-BF1D-F0DDC5AC886C@FreeBSD.org>
In-Reply-To: <08154690-df05-9314-702e-4e0cdd661f04@FreeBSD.org>
References:  <83CC669E-FED9-4ABE-A5A5-376E1A743AF8@FreeBSD.org> <09D137C4-2630-4B93-ACDC-CB3AFC86D89F@FreeBSD.org> <C3FCD083-9DB0-43CA-8C68-A4CCE3BB6636@FreeBSD.org> <93122C2D-A660-4A47-A780-44E8309E4377@FreeBSD.org> <08154690-df05-9314-702e-4e0cdd661f04@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 23 Sep 2016, at 11:09, Konrad Witaszczyk <def@freebsd.org> wrote:

>> I guess you have two choices:
>> 
>> (1) Retain existing KPIs to slightly ease merging to FreeBSD and Mac OS X; they can adopt the new in-kernel interfaces when ready.
> 
> I think it won't be hard to adopt the changes in the FreeBSD kernel together
> with the changes in libbsm. Would you still consider it as an issue because of
> macOS if we fix it in FreeBSD? I don't know how important it is to their
> developers to stick with the current OpenBSM implementation.


While the kernel and userspace share code from OpenBSM in both FreeBSD and Mac OS X, it’s useful to be able to upgrade userspace without necessarily changing kernel code — e.g., if security patches are required in parsing, etc. I think it would be best to differentiate the new programming interface by giving it a new name, and keeping the existing interface, but marked to be removed at a future date. We could even discourage its use by making if #ifdef OPENBSM_DEPRECATED or such, requiring that it be explicitly enabled to be available to hint to those doing merges that it’s time to move to the new KPI.

Robert

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A520AC96-87F7-4282-BF1D-F0DDC5AC886C>