MAC Framework KPI changes on the way in 8-CURRENT
Robert Watson
rwatson at FreeBSD.org
Tue Oct 23 16:34:52 PDT 2007
Dear all,
Per prior e-mail on trustedbsd-discuss (a rather long time ago) I'll be
introducing a set of interface changes for the TrustedBSD MAC Framework in
8-CURRENT. These synchronize the MAC Framework KPI, at least to some extent,
with the MAC Framework in Mac OS X, and is based on cleanup work I did for
SPARTA a year or two ago. It will require updating all policy modules,
although source updates can be performed mechanically with a set of regexp's
in most cases. All policies shipped with the base OS will be update as part
of the commits. It will go in in a couple of phases, beginning with
normalizing entry point names.
I'll post regexp's to trustedbsd-discuss in a few days once it's all sorted
through. I realize this is somewhat disruptive for policy maintainers, and
apologize with that. However, the new naming scheme is both significantly
more sensible than the old one (which was evolved rather than designed), and
also will allow us to more easily make use of Mac OS X security policy modules
that may be made available as open source. If you are a policy maintainer and
have any trouble getting over the bump, please let me know and I'll be happy
to lend a hand. I had hoped to get these changes in for 7.x, but due to some
rather unfortunate timing of things outside the FreeBSD world, that was not
possible.
This will be, FYI, version 4 of the MAC Framework ABI/API in FreeBSD.
Policies compiled against the old version will be rejected by the kernel at
load-time.
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-current
mailing list