Robert Watson rwatson at FreeBSD.org
Sun Feb 4 23:00:44 GMT 2001

> Hi,
> Is this list really working? Things are sooo quiet around here... 
> Charles

Well, leaving aside a botched attempt to approve your post -- yes, things
are alive, and yes, they are also very quiet.

I'm preparing a set of commits that moves the existing jail(8) support
such that it's under process credentials, instead of a property of the
process itself, and also have a 0.5.2 of ACL support ready to push out the
door with updated fixed support for ACL mask setting in setfacl
(these further fixes to setfacl are courtesy of Chris Faulhaber).  I'd
like to start committing more ACL code to the base system, but don't have
a precise timeline for that yet.  Probably it will begin with the
committing of src/sys/kern_acl.c support routines, then a review pass on
freebsd-arch and related lists.

I'm also working on a set of improvements for the MAC code to handle
network stack integration better; right now packets are labeled when
coming in from network interfaces based on a default interface label.  I
need to add additional ioctl()'s for interface configuration to allow the
setting of that default label, and work on the enforcement code some more.
Right now, labels on packets/etc are copied around, but this should
probably change to a reference counted label model, similar to
credentials.  I received a set of modifications to my current MAC code
from Ilmar Habibulin to support non-hierarchal labels in MLS and Biba
policies, as well as more flexible handling of label names, as well as
confirmation that he seemed to have the code working for him enforcing
inter-process and process-file labeling policies.

Andrew Reiter has been working on the auditing subsystem design, and
hopefully will have the opportunity to post something about that work in
the near future :-).

