From owner-freebsd-current  Sun Apr 28 13:17:21 2002
Delivered-To: freebsd-current@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 10CC137B416
	for <current@FreeBSD.ORG>; Sun, 28 Apr 2002 13:17:13 -0700 (PDT)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3SKGqw04884;
	Sun, 28 Apr 2002 16:16:52 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sun, 28 Apr 2002 16:16:52 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: Richard Arends <richard@unixguru.nl>
Cc: current@FreeBSD.ORG
Subject: Re: truss
In-Reply-To: <20020428220902.Y86520-100000@mail.unixguru.nl>
Message-ID: <Pine.NEB.3.96L.1020428161437.64976N-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On Sun, 28 Apr 2002, Richard Arends wrote:

> On Sun, 28 Apr 2002, Robert Watson wrote:
> 
> > BTW, 5.0 will also allow (once we commit the MAC framework from the
> > TrustedBSD Project) kernel modules to tweak process visibility protections
> > in the kernel at runtime.  For example, you can kldload a
> > mac_seeotheruids.ko policy module, which can limit what processes can view
> > of other processes based on a number of factors, including uids, and
> > information it tags onto the processes.  It can also limit access to
> > socket information listed in netstat, etc.
> 
> When will the TrustedBSD modules commited to current?? 

The current (vague) plan is to commit them around mid-June, but that may
slip a bit depending on development rate.  Early access to the feature set
is possible via Perforce, or from cvsup10.FreeBSD.org.  I'm hoping to have
the basic kernel feature set ready for integration by early June, so we
might integrate back the changes back into the main tree in phases.  I
have to warn you that the stuff in the branch is moving pretty quickly,
and there are some known poor interactions, especially with non-IP
networking types, that we're still tracking down.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message