PERFORCE change 24154 for review

Robert Watson rwatson at freebsd.org
Sat Jan 25 18:46:43 GMT 2003


On Fri, 24 Jan 2003, Chris Costello wrote:

> On Friday, January 24, 2003, Brian Feldman wrote:
> > http://perforce.freebsd.org/chv.cgi?CH=24154
> > 
> > Change 24154 by green at green_laptop_2 on 2003/01/24 15:32:28
> > 
> > 	Add the set of struct file MAC entry points, and enforce them
> > 	in SEBSD (largely untested, other than not crashing).
> 
>    When is this supposed to make it to _mac/-CURRENT?  I was going to
> document this but I don't think it's a good idea to start targetting
> non-trustedbsd_mac branches in p4 (and non-CVS stuff in CVS). 

As the MAC Framework matures, the goal will be for the FreeBSD Handbook
documentation to target what is in the FreeBSD tree.  As the priorities
for that work are a little different from the priorities of the initial
MAC Framework work, we felt it was important to allow the SEBSD branch to
diverge further from the MAC branch, and then re-integrate things as we
had time to think about the abstractions more.  The main goal of the
trustedbsd_sebsd branch right now is to get a working prototype of the
port of FLASK/TE up and running, even if it's skewed a bit more in the
direction of "This is not quite as abstract/policy-agnostic as we'd like
yet".  There are some features currently in trustedbsd_mac from before the
trustedbsd_sebsd branch that will probably actually get merged out of the
_mac branch and kept only in the _sebsd branch until we figure out the
best approach.  For example, the determination of roles by /usr/bin/login
is currently SEBSD-specific and isn't a merge candidate for the main tree
until we get a chance to figure out how to "take a step back".

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories


To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message



More information about the trustedbsd-cvs mailing list