From owner-p4-projects Sat Jan 25 10:46:54 2003 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 30CE937B406; Sat, 25 Jan 2003 10:46:52 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B9A0637B401; Sat, 25 Jan 2003 10:46:51 -0800 (PST) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A50D43F65; Sat, 25 Jan 2003 10:46:51 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.6/8.12.5) with SMTP id h0PIkiP4005515; Sat, 25 Jan 2003 13:46:44 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Sat, 25 Jan 2003 13:46:43 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Chris Costello Cc: Brian Feldman , Perforce Change Reviews Subject: Re: PERFORCE change 24154 for review In-Reply-To: <20030125035142.GT77474@holly.machined.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, 24 Jan 2003, Chris Costello wrote: > On Friday, January 24, 2003, Brian Feldman wrote: > > http://perforce.freebsd.org/chv.cgi?CH=24154 > > > > Change 24154 by green@green_laptop_2 on 2003/01/24 15:32:28 > > > > Add the set of struct file MAC entry points, and enforce them > > in SEBSD (largely untested, other than not crashing). > > When is this supposed to make it to _mac/-CURRENT? I was going to > document this but I don't think it's a good idea to start targetting > non-trustedbsd_mac branches in p4 (and non-CVS stuff in CVS). As the MAC Framework matures, the goal will be for the FreeBSD Handbook documentation to target what is in the FreeBSD tree. As the priorities for that work are a little different from the priorities of the initial MAC Framework work, we felt it was important to allow the SEBSD branch to diverge further from the MAC branch, and then re-integrate things as we had time to think about the abstractions more. The main goal of the trustedbsd_sebsd branch right now is to get a working prototype of the port of FLASK/TE up and running, even if it's skewed a bit more in the direction of "This is not quite as abstract/policy-agnostic as we'd like yet". There are some features currently in trustedbsd_mac from before the trustedbsd_sebsd branch that will probably actually get merged out of the _mac branch and kept only in the _sebsd branch until we figure out the best approach. For example, the determination of roles by /usr/bin/login is currently SEBSD-specific and isn't a merge candidate for the main tree until we get a chance to figure out how to "take a step back". Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message