Re: HEADS UP: TrustedBSD MAC supporting going into the 5.0 HEAD

[Robert Watson]

Ok, well, I committed the following:

- include files (mac.h, mac_policy.h)
- basic MAC framework (kern_mac.c)
- label management for several key types of system objects, including
  mbufs, creds, vnodes, mountpoints, sockets

I'll start up again tomorrow morning and bring in:

- management for more network objects
- management for pipes
- access control for managed objects

I'll also bring in several sample policies, including:

- mac_mls, mac_biba, mac_seeotheruids, mac_bsdextended (uid/gid-based file
  system firewall)

Finally, I'll start on the userland code:

- libc MAC extensions
- libugidfw
- userland tools such as ugidfw, {get,set}[fp]mac(8), setusercontext
  extensions

I believe that the system currently builds, but I haven't finished a
buildworld with the current set of patches.  Certainly all the compile
tests I've been doing seem OK.  If there is build breakage in userland,
it's probably because of header leakage from including kernel headers. 

In any case, will get started again first thing tomorrow morning. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
[EMAIL PROTECTED]      Network Associates Laboratories

On Tue, 30 Jul 2002, Robert Watson wrote:

> 
> I've just committed some of the supporting infrastructure files to the
> main kernel tree.  Right now, not much is hooked up to the build, but over
> the next couple of hours, I'll start to hook things up.  If you catch the
> tree at a poor moment during the commit process, it probably won't build
> very well, and if it does, you may be very sorry.  Hopefully not too
> sorry, since almost all the MAC code is conditionally compiled based on
> "options MAC" and therefore this shouldn't have much if any impact for
> GENERIC, but the risk exists.  I'll send out a follow-up message when I'm
> done merging. 
> 
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> [EMAIL PROTECTED]      Network Associates Laboratories
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-current" in the body of the message
> 


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message