Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 31 Jul 2002 00:36:09 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        current@FreeBSD.org
Cc:        developers@FreeBSD.org
Subject:   Re: HEADS UP: TrustedBSD MAC supporting going into the 5.0 HEAD
Message-ID:  <Pine.NEB.3.96L.1020731003113.52927F-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1020730174825.52927A-100000@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help

Ok, well, I committed the following:

- include files (mac.h, mac_policy.h)
- basic MAC framework (kern_mac.c)
- label management for several key types of system objects, including
  mbufs, creds, vnodes, mountpoints, sockets

I'll start up again tomorrow morning and bring in:

- management for more network objects
- management for pipes
- access control for managed objects

I'll also bring in several sample policies, including:

- mac_mls, mac_biba, mac_seeotheruids, mac_bsdextended (uid/gid-based file
  system firewall)

Finally, I'll start on the userland code:

- libc MAC extensions
- libugidfw
- userland tools such as ugidfw, {get,set}[fp]mac(8), setusercontext
  extensions

I believe that the system currently builds, but I haven't finished a
buildworld with the current set of patches.  Certainly all the compile
tests I've been doing seem OK.  If there is build breakage in userland,
it's probably because of header leakage from including kernel headers. 

In any case, will get started again first thing tomorrow morning. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

On Tue, 30 Jul 2002, Robert Watson wrote:

> 
> I've just committed some of the supporting infrastructure files to the
> main kernel tree.  Right now, not much is hooked up to the build, but over
> the next couple of hours, I'll start to hook things up.  If you catch the
> tree at a poor moment during the commit process, it probably won't build
> very well, and if it does, you may be very sorry.  Hopefully not too
> sorry, since almost all the MAC code is conditionally compiled based on
> "options MAC" and therefore this shouldn't have much if any impact for
> GENERIC, but the risk exists.  I'll send out a follow-up message when I'm
> done merging. 
> 
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Network Associates Laboratories
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020731003113.52927F-100000>