From owner-freebsd-current Tue Jul 30 21:36:27 2002
Date: Wed, 31 Jul 2002 00:36:09 -0400 (EDT)
From: Robert Watson
To: current@FreeBSD.org
Cc: developers@FreeBSD.org
Subject: Re: HEADS UP: TrustedBSD MAC supporting going into the 5.0 HEAD

Ok, well, I committed the following:

- include files (mac.h, mac_policy.h)
- basic MAC framework (kern_mac.c)
- label management for several key types of system objects, including
  mbufs, creds, vnodes, mountpoints, sockets

I'll start up again tomorrow morning and bring in:

- management for more network objects
- management for pipes
- access control for managed objects

I'll also bring in several sample policies, including:

- mac_mls, mac_biba, mac_seeotheruids, mac_bsdextended (uid/gid-based file
  system firewall)

Finally, I'll start on the userland code:

- libc MAC extensions
- libugidfw
- userland tools such as ugidfw, {get,set}[fp]mac(8), setusercontext
  extensions

I believe that the system currently builds, but I haven't finished a
buildworld with the current set of patches.
Certainly all the compile tests I've been doing seem OK. If there is build
breakage in userland, it's probably because of header leakage from
including kernel headers. In any case, will get started again first thing
tomorrow morning.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

On Tue, 30 Jul 2002, Robert Watson wrote:

> I've just committed some of the supporting infrastructure files to the
> main kernel tree. Right now, not much is hooked up to the build, but over
> the next couple of hours, I'll start to hook things up. If you catch the
> tree at a poor moment during the commit process, it probably won't build
> very well, and if it does, you may be very sorry. Hopefully not too
> sorry, since almost all the MAC code is conditionally compiled based on
> "options MAC" and therefore this shouldn't have much if any impact for
> GENERIC, but the risk exists. I'll send out a follow-up message when I'm
> done merging.
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org      Network Associates Laboratories