On Sun, 28 Apr 2002, Richard Arends wrote:
> On Sun, 28 Apr 2002, Robert Watson wrote:
> > BTW, 5.0 will also allow (once we commit the MAC framework from the
> > TrustedBSD Project) kernel modules to tweak process visibility protections
> > in the kernel at runtime. For example, you can kldload a
> > mac_seeotheruids.ko policy module, which can limit what processes can view
> > of other processes based on a number of factors, including uids, and
> > information it tags onto the processes. It can also limit access to
> > socket information listed in netstat, etc.
> When will the TrustedBSD modules commited to current??
The current (vague) plan is to commit them around mid-June, but that may
slip a bit depending on development rate. Early access to the feature set
is possible via Perforce, or from cvsup10.FreeBSD.org. I'm hoping to have
the basic kernel feature set ready for integration by early June, so we
might integrate back the changes back into the main tree in phases. I
have to warn you that the stuff in the branch is moving pretty quickly,
and there are some known poor interactions, especially with non-IP
networking types, that we're still tracking down.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED] NAI Labs, Safeport Network Services
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message