Exciting project

Robert Watson rwatson at FreeBSD.org
Mon Dec 10 18:29:47 GMT 2001


On Mon, 10 Dec 2001, Gabriel Ambuehl wrote:

> > FreeBSD, I suspect the most important accomplishments will be the
> > ability to enforce mandatory access control policies, and provide
> > system auditing services.
> 
> Can we expect TrustedBSD to provide a facility to log all changes to the
> filesystem? This would not only be nice for auditing purposes, but also
> for stuff like virus scanners or filesystem replication tools.  In fact,
> I'm desperately searching for a way to be notified of file changes for
> exactly this... 

The TrustedBSD audit project has a separate list, trustedbsd-audit; I've
seen some designs and sample implementation bits fly around, but it's
still a "work in progress".  Any thoughts or time you have to invest in it
would probably be much appreciated.

> > Originally, the TrustedBSD extensions were targeted specifically
> > at the FreeBSD platform, and FreeBSD is still the primary target
> > for this work. TrustedBSD features are being integrated back into
> > the base FreeBSD source, and a number of them will be available in
> > FreeBSD 5.0-RELEASE next year.
> 
> I hope ACLs will be working then. That would make FreeBSD a much better
> player in many multi user environments. Personally, ACLs are THE feature
> that I miss the most on all FreeNixes... 

ACLs currently work fairly well in 5.0-CURRENT.  In fact, if you install
recent versions of Samba on top of 5.0, and have ACLs enabled, it supports
them automatically and you can manage the ACLs from NT systems even. Third
party backup tools such as star already handle ACLs on FreeBSD correctly,
also.  There's still on-going integration work regarding userland tools
(such as ls).  The one area where we'll see future work is in the area of
performance and reliability.  NAI Labs has a contract with Kirk McKusick
and Poul-Henning Kamp to bring us more tightly integrated support for
extended attributes (and by dependency, ACLs) in FFS, which should bring
better performance, and reliability through integration with soft updates.
We're still working out the timeline for this, as it depends on the
availability of the contractors.

> >> And finally, when can we try this out in beta?
> > Some of the TrustedBSD features are already accessible in
> > development snapshots of FreeBSD 5.0.  The FreeBSD Project
> > currently plans to release a full development snapshot in late
> > January, although the release itself attributes, file system ACLs,
> > and reasonable support for POSIX.1e
> > capabilities (privileges) will be in that snapshot.  We're
> > currently  
> 
> That's *great* news. Allows us admins to get familiar with all the
> exciting features way before the release... 

That's the theory, anyway. :-)

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services


