sample 5.3 based trusted os ;-)
Robert Watson
rwatson at FreeBSD.org
Wed Jan 19 12:10:20 GMT 2005
On Wed, 19 Jan 2005, Ilmar S. Habibulin wrote:
> http://www.watson.org/~ilmar/download/trustedos.tbz
>
> This patch is for 5.3, it adds:
> - trustedbsd sysv mac support
FYI, I've started merging the System V IPC MAC code to 6.x but haven't yet
finished. I'm hope to get that done in the next few weeks. I need to
look at ABI issues relating to merging that work to 5.x, as it requires a
bump of the MAC Framework module version number. My leaning is to defer a
merge to 5.x until a few other changes are also merged to the MAC
Framework and then merge the entire new ABI/API and provide a
compatibility stub to get older MAC modules to work without issue.
> - audit2 hacked (working audit)
This is the slightly older BSM code in audit2 rather than the slightly
newer (but in progress) BSM code in audit3, right? Do you see any
impediments or issues with moving to the newer code base, other than
getting the necessary audit calls into the system call code as you've
presumably done (haven't looked at your drop yet :-). Did we ever get the
audit3 tree exported usefully via cvsup?
> - NFS server cred MAC hack (prevent kernel panic in nfsd with MAC enabled
> and mkdir/creat op)
Do you have a patch for this specific change? We've got a number of
NFS-related MAC changes in the MAC branch that need to be cleaned up,
fixed, and merged, so that NFS server credentials are "real" managed
credentials, not struct cred's embedded in another data structure.
> - network packet labeling (CIPSO & IPSec)
>
> audit2 is working audit implementation with kernel record to bsm token
> convertion, MAC label (slabel) support. Most syscalls are audited.
I've just imported some of Apple's basic audit test tools (developed at
McAfee Research) into the audit3 tree in
//depot/projects/trustedbsd/audit3/tools/regression/audit/test/...
Those pieces have been generously made available by Apple under a BSD
license.
Robert N M Watson
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list