Pending TrustedBSD stuff, etc.
rwatson at FreeBSD.org
Fri Jun 1 09:34:46 UTC 2007
On my TODO list still:
(1) Enable audit by default. Currently I'm working on an patch that moves the
per-process audit state into the process credential, which both improves
audit performance for threaded apps, and also eliminates an extra memory
allocation per process fork. Once that's reviewed/tested, I'll do the
AUDIT enabled by default thing.
(2) Finish eliminating SUSER_ALLOWJAIL. This is a purely syntactic patch in
that SUSER_ALLOWJAIL actually no longer does anything, but it touches a
significant percentage of kernel privilege checks, so requires careful
testing and review. This patch is in flight now also.
(3) I might do one more minor OpenBSM import -- no real functional changes,
but documentation tweaks and cleanups, especially to the man pages.
Things I would like to see happen, but may not get to:
- For years, several of us have wanted to bump the System V IPC ABI to use
full-size uid's, etc. I laid the groundwork for this in 5.x by starting to
divorce the kernel and userspace data structures, but it's never happened.
We would provide binary system call compatibility to previous FreeBSD
versions, but because as the new API introduces new ABI system calls (etc)
it's somewhat disruptive, so can only happen on a major version number
- Peter Wemm has been talking about moving us to 64-bit inode numbers for
years; with the advent of very large file systems and their presumed
popularity over the coming 3-5 years, it would be really good to have this
in 7.0 or it will have to wait for 8.0. However, this is quite a disruptive
change, as it requires package rebuilds, etc, and we're almost out of time.
Robert N M Watson
University of Cambridge
More information about the freebsd-current