Pending TrustedBSD stuff, etc.
rwatson at FreeBSD.org
Fri Jun 1 09:35:58 UTC 2007
On Fri, 1 Jun 2007, Robert Watson wrote:
> On my TODO list still:
This was supposed to go to re@, but current@ seems as reasonable a place to
send it as any.
Robert N M Watson
University of Cambridge
> (1) Enable audit by default. Currently I'm working on an patch that moves
> per-process audit state into the process credential, which both improves
> audit performance for threaded apps, and also eliminates an extra memory
> allocation per process fork. Once that's reviewed/tested, I'll do the
> AUDIT enabled by default thing.
> (2) Finish eliminating SUSER_ALLOWJAIL. This is a purely syntactic patch in
> that SUSER_ALLOWJAIL actually no longer does anything, but it touches a
> significant percentage of kernel privilege checks, so requires careful
> testing and review. This patch is in flight now also.
> (3) I might do one more minor OpenBSM import -- no real functional changes,
> but documentation tweaks and cleanups, especially to the man pages.
> Things I would like to see happen, but may not get to:
> - For years, several of us have wanted to bump the System V IPC ABI to use
> full-size uid's, etc. I laid the groundwork for this in 5.x by starting to
> divorce the kernel and userspace data structures, but it's never happened.
> We would provide binary system call compatibility to previous FreeBSD
> versions, but because as the new API introduces new ABI system calls (etc)
> it's somewhat disruptive, so can only happen on a major version number
> - Peter Wemm has been talking about moving us to 64-bit inode numbers for
> years; with the advent of very large file systems and their presumed
> popularity over the coming 3-5 years, it would be really good to have this
> in 7.0 or it will have to wait for 8.0. However, this is quite a
> change, as it requires package rebuilds, etc, and we're almost out of time.
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
More information about the freebsd-current