BOUNCE trustedbsd-discuss@cyrus.watson.org: Approval required:

owner-trustedbsd-discuss at cyrus.watson.org owner-trustedbsd-discuss at cyrus.watson.org
Sun Feb 4 23:00:47 GMT 2001


Date: Sun, 4 Feb 2001 18:00:44 -0500 (EST)
From: Robert Watson <rwatson at FreeBSD.org>
To: Charles Calthrop <charles.calthrop at usa.net>
cc: trustedbsd-discuss at cyrus.watson.org
Subject: Re: hello, anybody there?


On Sat, 3 Feb 2001 owner-trustedbsd-discuss at cyrus.watson.org wrote:

> Hi,
> 
> Is this list really working? Things are sooo quiet around here... 
> 
> Charles

Well, leaving aside a botched attempt to approve your post -- yes, things
are alive, and yes, they are also very quiet.

I'm preparing a set of commits that moves the existing jail(8) support
such that it's under process credentials, instead of a property of the
process itself, and also have a 0.5.2 of ACL support ready to push out the
door with updated fixed support for ACL mask setting in setfacl.
(these further fixes to setfacl are courtesy of Chris Faulhaber).  I'd
like to start committing more ACL code to the base system, but don't have
a precise timeline for that yet.  Probably it will begin with the
committing of src/sys/kern_acl.c support routines, then a review pass on
freebsd-arch and related lists.

I'm also working on a set of improvements for the MAC code to handle
network stack integration better; right now packets are labeled when
coming in from network interfaces based on a default interface label.  I
need to add additional ioctl()'s for interface configuration to allow the
setting of that default label, and work on the enforcement code some more.
Right now, labels on packets/etc are copied around, but this should
probably change to a reference counted label model, similar to
credentials.  I received a set of modifications to my current MAC code
from Ilmar Habibulin to support non-hierarchal labels in MLS and Biba
policies, as well as more flexible handling of label names, as well as
confirmation that he seemed to have the code working for him enforcing
inter-process and process-file labeling policies.

Andrew Reiter has been working on the auditing subsystem design, and
hopefully will have the opportunity to post something about that work in
the near future :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services
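
The message above mentions moving from copied packet labels to a reference-counted label model, and MLS/Biba labels with a non-hierarchical part. The following C sketch is an added illustration of both ideas, not code from this post or from the TrustedBSD tree; every name in it (struct label, label_hold, packet_label_from_ifnet, and so on) is hypothetical, and it assumes shared labels are immutable once allocated.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical label: a hierarchical grade plus a non-hierarchical compartment set. */
struct label {
    unsigned refcount;      /* number of holders sharing this label */
    uint16_t level;         /* hierarchical sensitivity or integrity grade */
    uint32_t compartments;  /* bitmask of non-hierarchical categories */
};

struct packet { struct label *lbl; };  /* constructed stand-in for a labeled packet */

struct label *label_alloc(uint16_t level, uint32_t compartments) {
    struct label *l = malloc(sizeof(*l));
    if (l == NULL)
        return NULL;
    l->refcount = 1;
    l->level = level;
    l->compartments = compartments;
    return l;
}

/* Share instead of copy. Assumption: single-threaded sketch; a kernel
 * would need an atomic increment or a lock around the count. */
struct label *label_hold(struct label *l) { l->refcount++; return l; }

/* Drop one reference; returns 1 when the last holder released the label. */
int label_free(struct label *l) {
    if (--l->refcount > 0)
        return 0;
    free(l);
    return 1;
}

/* a dominates b: grade at least as high AND compartments a superset.
 * With compartments, two labels can be incomparable in both directions. */
int label_dominates(const struct label *a, const struct label *b) {
    return a->level >= b->level &&
        (a->compartments & b->compartments) == b->compartments;
}

/* MLS (confidentiality): read down, write up. */
int mls_can_read(const struct label *s, const struct label *o) { return label_dominates(s, o); }
int mls_can_write(const struct label *s, const struct label *o) { return label_dominates(o, s); }

/* Biba (integrity) is the dual: read up, write down. */
int biba_can_read(const struct label *s, const struct label *o) { return label_dominates(o, s); }
int biba_can_write(const struct label *s, const struct label *o) { return label_dominates(s, o); }

/* Incoming packet takes a reference to the interface's default label. */
void packet_label_from_ifnet(struct packet *p, struct label *if_default) {
    p->lbl = label_hold(if_default);
}
```
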



