MAC Framework KPI changes on the way in 8-CURRENT
Robert Watson
rwatson at FreeBSD.org
Wed Oct 24 11:51:03 PDT 2007

On Wed, 24 Oct 2007, Alexandre Biancalana wrote:
>> I'll post regexp's to trustedbsd-discuss in a few days once it's all sorted
>> through. I realize this is somewhat disruptive for policy maintainers, and
>> apologize for that. However, the new naming scheme is both significantly
>> more sensible than the old one (which was evolved rather than designed),
>> and also will allow us to more easily make use of Mac OS X security policy
>> modules that may be made available as open source. If you are a policy
>> maintainer and have any trouble getting over the bump, please let me know
>> and I'll be happy to lend a hand. I had hoped to get these changes in for
>> 7.x, but due to some rather unfortunate timing of things outside the
>> FreeBSD world, that was not possible.
>
> Thank you so much for your work!
>
> Excuse me for "hijacking" your post, but I think that the question is
> pertinent...
>
> Is there any news about the NFSv4 ACL implementation in FreeBSD?

It's on the list of things I'd very much like to make happen for 8.0, but it
was also on my list of things I'd very much like to have happened for 7.0,
so... :-). Last time I started work on this, Sun had just released an IETF
draft starting to clarify the semantics of NFSv4 ACLs. Previously, the RFCs
for NFSv4 had sort of said "Look at Windows", which wasn't all that helpful
from an implementation perspective. That draft body is now being incorporated
into the new NFSv4 RFC, and makes a better starting point. I did do some of
the initial work in the kernel to start breaking out the POSIX.1e ACL parts
from the general ACL framework, but more needs to be done, including
generalizing the system call ABI a bit more.

I think the first step, though, is for someone to implement NFSv4 ACL code in
user space to get/set/test ACLs in various ways, and make sure that the
semantics we'll put in the kernel are clear and well-defined.

Robert N M Watson
Computer Laboratory
University of Cambridge