FreeBSD Status Report for Oct-Dec 2003

Scott Long scottl at freebsd.org
Wed Jan 28 11:11:32 PST 2004


                      October-December 2003 Status Report

                                 Introduction:

   The FreeBSD status reports are back again with the 2003 year-end edition.
   Many new projects are starting up and gaining momentum, including XFS,
   MIPS, PowerPC, and networking locking and multithreading. The end of 2003
   also saw the release of FreeBSD 4.9, the first stable release to have
   greater than 4GB support for the ia32 platform. Work on FreeBSD 5.2 also
   finished up and was released early in January of 2004. Many thanks to all
   of the people who worked so hard on these releases and made them happen.

   This is the largest status report ever, so read and enjoy!

   Scott Long, Robert Watson

     * Bluetooth stack for FreeBSD (Netgraph implementation)
     * ACPI
     * AGP 3.0 Support
     * Binary security updates for FreeBSD
     * Compile FreeBSD with Intel's C compiler (icc)
     * Donations Team
     * DVB-ASI Support
     * FreeBSD MIDI
     * FreeBSD ports monitoring system
     * FreeBSD/MIPS Status Report
     * FreeBSD/powerpc on PPCBug-based embedded boards
     * jpman project
     * Kernel Tunables Documentation Project
     * kgi4BSD Status Report
     * KSE
     * libarchive, bsdtar
     * Network interface naming changes
     * Network Subsystem Locking and Performance
     * Porting OpenBSD's pf
     * Publications Page Update
     * SGI XFS port for FreeBSD
     * SMPng Status Report
     * The FreeBSD Russian Documentation Project
     * TrustedBSD "Security-Enhanced BSD" -- FLASK/TE Port
     * TrustedBSD Access Control Lists (ACLs)
     * TrustedBSD Audit
     * TrustedBSD Documentation
     * TrustedBSD Mandatory Access Control (MAC)
     * Wireless Networking Support

Bluetooth stack for FreeBSD (Netgraph implementation)

   Contact: Maksim Yevmenkin < m_evmenkin at yahoo.com >

   Not much to report. Bluetooth code was integrated into the FreeBSD source
   tree. Bluetooth kernel modules appear to be stable. I have received few
   success stories from the users.

   During the last few months the efforts were to make Bluetooth code more user
   friendly. Bluetooth Service Discovery Protocol daemon sdpd was
   reimplemented under BSD-style license and committed. The next step is to
   integrate existing Bluetooth utilities with SDP.

   Thanks to Matt Peterson <matt at peterson dot org> I now have Bluetooth
   keyboard and mouse for development. I'm currently working on Bluetooth HID
   profile implementation.

   Dave Sainty (dave at dtsp dot co dot nz) from NetBSD project offered his
   help in porting Bluetooth stack to NetBSD.

     ----------------------------------------------------------------------

ACPI

   URL: http://www.root.org/~nate/freebsd/
   URL: http://home.jp.freebsd.org/mail-list/acpi-jp/

   Contact: Nate Lawson <njl at FreeBSD.org>

   The updated acpi_cpu driver was committed in November. Work is ongoing to
   finish support for _CST re-evaluation, which makes it possible for laptops
   based on processors like the Centrino to use varying CPU idle states when
   on or off AC power. 5.2-RELEASE also went out with support for _CID
   packages, which fixed mouse probing for Compaq users. Control of CPU idle
   states and throttling can now be done through rc.conf(5) settings for the
   /etc/power_profile script, which switches between performance/economy
   levels when the AC status changes.

   One huge task underway is the cpufreq project, a framework for detecting
   and controlling various frequency/voltage technologies (SpeedStep,
   LongRun, ACPI Performance states, etc.). The ACPI performance states driver
   is working and the framework is being implemented. It requires newbus
   attachments for CPUs so some ground work needs to go in before the driver
   can be committed.

   ACPI-CA was updated to 20031203 in early December and with a few patches
   is reasonably stable. An ACPI debugging how-to has been written and is
   being DocBooked by trhodes@. Ongoing work on fixing interrupt storms due
   to various ways of setting up the SCI is being done by jhb@.

   I'd like to welcome Philip Paeps (philip@) to the FreeBSD team. Philip has
   written an ACPI ASUS driver that will be committed soon and has been very
   helpful on the mailing lists. We've also had a lot of help from jhb@,
   marcel@, imp@, and peter@. We're hoping to see the return of takawata@ and
   iwasaki@, who have been very helpful in the past. If any developers are
   interested in assisting with ACPI, please see the ACPI TODO and send us an
   email.

     ----------------------------------------------------------------------

AGP 3.0 Support

   Contact: John Baldwin <jhb at FreeBSD.org>

   Simple support for AGP 3.0, including support for AGP 8x mode, was added. The
   support is simple in that it still assumes only one master and one target.
   The main gain is the ability to use AGP 8x with drm modules that support
   it.

     ----------------------------------------------------------------------

Binary security updates for FreeBSD

   URL: http://www.daemonology.net/freebsd-update/

   Contact: Colin Percival <cperciva at daemonology.net>

   Thanks to recent donations, I am now building binary security updates for
   FreeBSD {4.7, 4.8, 4.9, 5.0, 5.1, 5.2}-RELEASE. (Note that FreeBSD 4.7 and
   5.0 are no longer officially supported; any advisories which are not
   reflected in the CVS tree will likewise not result in binary updates.)

   The current version (1.5) of FreeBSD Update will warn about locally
   modified files and will, by default, leave them untouched; if a
   "distribution branch", (i.e. crypto, nocrypto, krb4, or krb5) is
   specified, FreeBSD Update can be forced to "update" files which have been
   compiled locally.

   The only major issue remaining with FreeBSD Update is the
   single-point-of-failure of the update building process; I would like to
   resolve this in the future by having several machines cross-verify and
   cross-sign, but this will require a significant investment of time, and
   will probably have to wait until I've finished writing my DPhil thesis.

     ----------------------------------------------------------------------

Compile FreeBSD with Intel's C compiler (icc)

   URL: http://www.Leidinger.net/FreeBSD/

   Contact: Alexander Leidinger <netchild at FreeBSD.org>

   The FreeBSD kernel now builds and runs fine with icc v7 (only GENERIC and
   a custom kernel tested so far). A review on arch@ revealed no major
   concerns and some src committers are willing to commit the patches. As icc
   v8 is out and defines __GNUC__ I want to rework the patches before they
   get committed so an icc v8 compiled kernel DTRT too.

   A complete build of the ports collection (as of start of December)
   finished and is under review to determine the reason of build failures.
   Current icc stats:
     * 1108 failed builds (excluding build failures because of failed
       dependencies)
     * 3535 successfully built packages (~ 1.7 GB)
   A parallel build with gcc on the same snapshot of the ports collection
   has:
     * 520 failed builds (excluding build failures because of failed
       dependencies) and
     * 7261 successfully built packages (~ 4.8 GB).

   The above mentioned build of the ports collection was run on a P4 with an
   icc compiled kernel (optimized for a P4). No kernel panics or other
   strange behavior was noticed. The ports collection was built with a
   CPUTYPE of p4 and CFLAGS set to "-Os -pipe -mfpmath=sse -msse2" in the gcc
   and "-O2" in the icc case. No package is tested for correct run-time
   behavior so far.

     ----------------------------------------------------------------------

Donations Team

   URL: http://www.freebsd.org/donations/

   Contact: Michael Lucas <donations at FreeBSD.org>

   2003 was quite successful for the Donations team. We shepherded over 200
   items from donors into the hands of developers. Some high points include:
   a small cluster for the security team, assorted laptop hardware for our
   cardbus work, and documentation for our standards group. In the main
   FreeBSD.org cluster we were able to replace 8 DEC Miata machines with 6
   Alpha DS10s (21264). Every committer doing SMP work now has
   multi-processor testing hardware.

   We have smoothed out the tax deduction process with the FreeBSD
   Foundation, and can ship donated items directly to the recipients instead
   of tying up Foundation time handling shipping.

   Current team membership is: Michael Lucas, David O'Brien, and Tom Rhodes.
   Wilko Bulte has replaced Robert Watson as the Core Team representative.

     ----------------------------------------------------------------------

DVB-ASI Support

   URL: http://proxy.6wind.com/~jardin/dvb/
   URL: http://www.computermodules.com/broadcast/broadcast-dvb.shtml
   URL: http://www.dvb.org/

   Contact: Vincent Jardin <Vincent.Jardin at 6wind.com>

   DVB ASI stands for Digital Video Broadcast - Asynchronous Serial
   Interface. It is the standard defined to send and receive DVB stream from
   Satellite (DVB-S), Terrestrial link (DVB-T), and TV Cable (DVB-C). This
   standard was developed in Europe to transport 188-byte MPEG cells and
   204-byte MPEG cells. However it can be used to carry IP over DVB too.

   The FreeBSD driver uses the newbus and the bus-dma API. It means that it
   could be easily ported to all the BSD flavors (NetBSD, OpenBSD).

   It uses the same API as the Linux DVB ASI support from ComputerModules
   that is based on the following devices:
     * /dev/asitxN for the transmit stream (only open, write, select, close
       and ioctl are supported).
     * /dev/asirxN for the receive stream (only open, read, select, close and
       ioctl are supported).
   It means that software such as Videolan that support DVB-ASI broadcasting
   could be supported by this driver.

   Special thanks to Tom Thorsteinson from Computer Modules who helped 6WIND
   to port their driver. It is used by 6WIND in order to provide IPv4, IPv6,
   Ethernet and our network services over DVB.

   Copyright 2003-2004, 6WIND

     ----------------------------------------------------------------------

FreeBSD MIDI

   Contact: Mathew Kanner <matk at FreeBSD.org>

   This project aims to update the current MIDI implementation. We are
   currently looking at removing the current code sometime in February and
   importing the new version soon after. I'm currently working on a
   kernel/timidity bridge for those without external hardware.

     ----------------------------------------------------------------------

FreeBSD ports monitoring system

   URL: http://lonesome.dyndns.org:4802/bento/errorlogs/index.html

   Contact: Mark Linimon <linimon_at_lonesome_dot_com>

   Enhancements continue to be made to the system. Several, including
   improvements to the PR classification algorithm, the ability to more
   correctly guess when a PR has been updated, and better handling of errors
   in both port Makefiles and the bento builds, are invisible to end-users.
   However, the addition of a "repocopy" classification is notable, as is
   allowing the wildcard search in "overview of one port" (thanks to edwin@
   for the shove in that direction.) Additionally, logic has been added to
   identify the proposed category/portname of new ports, with the goal being
   to quickly identify possible duplications of effort. (Some SQL performance
   was sacrificed to this goal, leading some pages to load more slowly;
   this needs to be fixed.)

   The other work has been on an email back-end to allow the occasional
   sending of email to maintainers. Two functions are currently available:
   "remind maintainers of their ports that are marked BROKEN", and "remind
   maintainers of PRs that they may not have seen." A recent run of the
   former got generally good response, especially as changing some cases of
   BROKEN to IGNORE (PR ports/61090) had removed almost all the annoying
   false positives. However, work remains to try to find out why a few
   allegedly broken ports only fail in certain environments (including the
   bento cluster).

   The next plan is to use the proposed DEPRECATED Makevar (see ports/59362)
   to create a new report to allow querying of "ports currently slated to be
   removed". This report could also be posted to ports@ periodically with
   minimal work. The author believes that doing this would allow the port
   deprecation process to be much more visible to the general FreeBSD user
   community.

     ----------------------------------------------------------------------

FreeBSD/MIPS Status Report

   URL: http://www.FreeBSD.org/projects/mips/

   Contact: Juli Mallett <jmallett at FreeBSD.org>

   TLB support code and PMAP have come along nicely. GCC and related have
   been kept up to date with the main tree. An evaluation board from Broadcom
   was donated and initial work on that platform has been occurring. Much old
   and obsolete code brought from NetBSD for bootstrapping the effort has
   been cleaned up. The system has been seen to get to the point of trying to
   initialize filesystems, but there are still bugs even before that
   milestone.

     ----------------------------------------------------------------------

FreeBSD/powerpc on PPCBug-based embedded boards

   Contact: Rafal Jaworowski <rafal.jaworowski at motorola.com>

   The direct objective is to make FreeBSD/powerpc work on Motorola MCP750
   and similar (single board computer that is compliant with Compact PCI
   standard). Based on this work it would be easy to bring it to other
   embedded systems.

   1. loader(8): It is based on the existing loader for FreeBSD/powerpc port
   but binding to OpenFirmware was removed and replaced with PPCBug firmware
   binding. It only supports netbooting for the moment, so disk (compact
   flash) support needs to be done one day. The loader is the only piece that
   relies on PPCBug system calls - once the kernel starts it doesn't need
   firmware support any longer.

   2. kernel: It is now divorced from OpenFirmware dependencies; most of the
   groundwork finished includes: nexus stuff is sorted out (resources
   management is ok except interrupts assignment); host to PCI bridge low
   level routines are finished so configuration of and access to PCI devices
   works; the only important thing missing is the IRQ management (Raven MPIC
   part is done, but the board has the second PIC, 8259-compatible that needs
   to be set up, but here the existing code from x86 arch will be adopted).

   Once the IRQ management is cleared out, most of the devices on board would
   work straight away since they are pretty standard chips with drivers
   already implemented in the tree (e.g. if_de).

   At the moment work is on hold (don't have physical access to the device)
   but will resume when I'm back home (late Feb).

     ----------------------------------------------------------------------

jpman project

   URL: http://www.jp.FreeBSD.org/man-jp/

   Contact: Kazuo Horikawa <horikawa at FreeBSD.org>

   We have been updating existing Japanese translations of manual pages to
   meet the 5.2-RELEASE schedule. Also, 22 new translations were completed
   during this period.

     ----------------------------------------------------------------------

Kernel Tunables Documentation Project

   URL: http://www.freebsd.org/cgi/query-pr.cgi?pr=docs/44034

   Contact: Tom Rhodes <trhodes at FreeBSD.org>

   FreeBSD has well over a few hundred tunables without documentation. This
   project aims at designing an automated process to rip all available
   tunables and generate a manual page based on the selected kernel options.
   The ideal implementation, however, would gather tunables from the LINT
   kernels as well. This would provide a default manual page for all
   supported architectures. A simple tool has been forged from the various
   off-list and on-list discussions and is awaiting review from the -doc team.
   Anyone interested in reviewing my current work is requested to get in
   contact with me.

     ----------------------------------------------------------------------

kgi4BSD Status Report

   URL: http://www.freebsd.org/~nsouch/kgi4BSD
   URL: http://www.kgi-project.org

   Contact: Nicholas Souchu <nsouch at FreeBSD.org>

   Most of the console blocks are in place with nice results (see screenshots
   on the site). Boot console and virtual terminals are working with 8bit
   rendering and perfect integration of true graphic drivers in the kernel.

   Now it is time to bring it to end user and a precompiled R5.2 GENERIC
   kernel is available for this (see the site news). In parallel, after
   providing a last tarball/patch for R5.2, everything will move to Perforce.

   As always, volunteers are welcome. The task is huge but very exciting.

     ----------------------------------------------------------------------

KSE

   Contact: Daniel Eischen <deischen at FreeBSD.org>

   The libkse library will shortly be renamed to libpthread and be made the
   default thread library. This includes making the GCC -pthread option link
   to -lpthread instead of libc_r and changing PTHREAD_LIBS to -lpthread.
   David Xu has been working on GDB support and has it working with the GDB
   currently in our tree. The next step is to make a libpthread_db and get it
   working with GDB 6.0 which marcel has imported into the perforce tree.

     ----------------------------------------------------------------------

libarchive, bsdtar

   URL: http://people.freebsd.org/~kientzle/libarchive/

   Contact: Tim Kientzle <kientzle at FreeBSD.org>

   The libarchive library, which reads and writes tar and cpio archives, is
   about ready to commit to the tree. The bsdtar program, built on
   libarchive, is also nearing completion and should soon be a worthwhile
   successor to our aging GNU tar. I plan a gradual transition during which
   "bsdtar" and "gtar" will coexist in the tree.

   Oddly enough, libarchive and bsdtar are the first fruits of a project to
   completely rewrite the pkg tools. I've started architecting a libpkg
   library for handling routine package management and have a prototype
   pkg_add that is three times faster than the current version.

     ----------------------------------------------------------------------

Network interface naming changes

   Contact: Brooks Davis <brooks at FreeBSD.org>

   At the end of October, the if_name and if_unit members of struct ifnet
   were replaced with if_xname from NetBSD and if_dname and if_dunit. These
   represent the name of the interface and the driver name and instance of
   the interface respectively. Other than breaking IPFilter for a few weeks
   due to the userland being on the vendor branch, this change went quite
   well. A few ports needed minor changes, but otherwise nothing changed from
   the user perspective.

   The purpose of this change was to lay the groundwork for support for
   network interface renaming and to allow the implementation of more
   interesting pseudo interface cloning support. An example of interesting
   cloning support would be using "ifconfig fxp0.20 create" to create and
   configure a vlan interface on fxp0 that handled frames marked with the tag
   20. Interface renaming is being worked on in Perforce at the moment with a
   working version expected for review soon. Support for enhanced device
   cloning is still in the planning stage.

     ----------------------------------------------------------------------

Network Subsystem Locking and Performance

   Contact: Sam Leffler <sam at FreeBSD.org>

   The purpose of this project is to improve performance of the network
   subsystem. A major part of this work is to complete the locking of the
   networking subsystem so that it no longer depends on the "Giant lock" for
   proper operation. Removing the use of Giant will improve performance and
   permit multiple instances of the network stack to operate concurrently on
   multiprocessor systems.

   Locking of the network subsystem is largely complete. Network drivers,
   middleware layers (e.g. ipfw, dummynet, bridge, etc.), the routing tables,
   IPv4, NFS, and sockets are locked and operating without the use of Giant.
   Much of this work was included in the 5.2 release, but not enabled by
   default. The remaining work (mostly locking of the socket layer) will be
   committed to CVS as soon as we can resolve how to handle "legacy
   protocols" (i.e. those protocols that are not locked). The code can be
   obtained now from the Perforce database. A variety of test and production
   systems have been running this code for several months without any obvious
   issues.

   Performance analysis and tuning is ongoing. Initial results indicate SMP
   performance is already better than 4.x systems but UP performance is still
   lagging (though improved over -current). The removal of Giant from the
   network subsystem has reduced contention on Giant and highlighted
   performance bottlenecks in other parts of the system.

   This work was supported by the FreeBSD Foundation.

     ----------------------------------------------------------------------

Porting OpenBSD's pf

   URL: http://pf4freebsd.love2party.net
   URL: http://www.benzedrine.cx/pf.html
   URL: http://openbsd.org/faq/pf/index.html

   Contact: Max Laier <max at love2party.net>
   Contact: Pyun YongHyeon <yongari at kt-is.co.kr>

   Much work has been invested into getting release 2.00 stable. It provides
   the complete OpenBSD 3.4 function set, as well as fine grained locking to
   work with a giant free network stack.

   pf provides: IPv6 filtering and normalization, "syn-proxy" to protect
   (web)server against SYN-floods, passive OS detection, fast and modular
   address tables, source/policy routing, stateful filter and normalization
   engine, structured rulesets via anchors and many many more. Especially in
   connection with ALTQ, pf can help to harden against various flood attacks
   and improve user experience.

   New features from OpenBSD-Current like: state synchronization over wire
   and enhanced support for cloned interfaces require patches to the kernel.
   We are trying to resolve this issue and start OpenBSD-Current tracking
   again as soon as possible.

     ----------------------------------------------------------------------

Publications Page Update

   URL: http://www.daemon.li/freebsd/

   Contact: Josef El-Rayes <josef at daemon.li>

   I did an xml/xslt conversion of the html files to make maintaining of the
   page more comfortable. I removed the cdsets, which might be kept in CVS or
   some kind of archive for historical reasons. The books got an update, and
   were categorized in respect to the language they are written in. As soon
   as I get my access on the cvs repository I will commit the updates. People
   are encouraged to add local FreeBSD books I missed, especially in the
   Asian area. Feel free to send me links to books to add.

     ----------------------------------------------------------------------

SGI XFS port for FreeBSD

   Contact: Alexander Kabaev <kan at FreeBSD.org>
   Contact: Russell Cattelan <cattelan at thebarn.com>

   A project was started to revive a stalled effort to port SGI XFS
   journaling filesystem to FreeBSD. The project is based on Linux
   development sources from SGI and is currently being kept in a private
   Perforce repository. The work is progressing slowly due to lack of free
   time. At the moment we have XFS kernel module which is capable of mounting
   XFS filesystems read-only, with a panic or two happening infrequently,
   that need to be isolated and fixed. Semi-working metadata updates with
   full transaction support are there too, but will probably have to be
   rewritten to minimize the amount of custom kernel changes required.

   We seek volunteers to help with userland part of the port. Namely,
   existing xfsprogs port needs to be cleaned up, incompletely ported
   utilities brought into a working shape. xfs_dump/xfs_restore and as much
   from xfstests suite as possible need to be ported too. We do not need
   testers for now, so please do not ask for module sources just yet.

     ----------------------------------------------------------------------

SMPng Status Report

   URL: http://www.FreeBSD.org/smp/

   Contact: John Baldwin <jhb at FreeBSD.org>
   Contact: <smp at FreeBSD.org>

   Work is progressing on SMPng on several different fronts. Sam Leffler and
   several other folks have been working on locking the network stack as
   mentioned elsewhere in this update. Several infrastructure improvements
   have been made in the past few months as well.

   The low-level interrupt code for the i386 architecture has been redesigned
   to allow for a runtime selection between different types of interrupt
   controllers. This work allows the Advanced Programmable Interrupt
   Controllers (APICs) to be used instead of the AT 8259A PIC without having
   to compile a separate kernel to do so. It also allows the APIC to be used
   in a UP kernel as well as on a UP box. Together, all these changes allow
   an SMP kernel to work on a UP box and thus allowed SMP to be enabled in
   GENERIC as it already is on all of the other supported architectures. This
   work also reworked the APIC support to correctly route PCI interrupts when
   using an APIC to service device interrupts. This work was also used to add
   SMP support to the amd64 port.

   A turnstile implementation was committed that implemented a queue of
   threads blocked on a resource along with priority inheritance of blocked
   threads to the owner of the resource. Turnstiles were then used to replace
   the thread queue built into each mutex object which shrunk the size of
   each mutex as well as reduced the use of the sched_lock spin mutex.

     ----------------------------------------------------------------------

The FreeBSD Russian Documentation Project

   URL: http://www.FreeBSD.org/ru/index.html

   Contact: Andrey Zakhvatov <andy at FreeBSD.org>

   The FreeBSD Russian Documentation Project aims to provide FreeBSD
   Documentation translated to Russian. Already done: FAQ, Porters Handbook,
   WWW (partially synched with English version), some articles.

   We are working on Handbook (and more docs) translation and synchronization
   with English versions and need more translators (or financial aid to
   continue our work). If you can help, please contact us at
   ru-cvs-committers at FreeBSD.org.ua (or andy at FreeBSD.org).

     ----------------------------------------------------------------------

TrustedBSD "Security-Enhanced BSD" -- FLASK/TE Port

   URL: http://www.TrustedBSD.org/sebsd.html

   Contact: Robert Watson <rwatson at FreeBSD.org>
   Contact: TrustedBSD Discussion Mailing List
   <trustedbsd-discuss at TrustedBSD.org>

   TrustedBSD "Security-Enhanced BSD" (SEBSD) is a port of NSA's SELinux
   FLASK security architecture, Type Enforcement (TE) policy engine and
   language, and sample policy to FreeBSD using the TrustedBSD MAC Framework.
   SEBSD is available as a loadable policy module for the MAC Framework,
   along with a set of userspace extensions to support security-extended
   labeling calls. In most cases, existing MAC Framework functions provide
   the necessary abstractions for SEBSD to plug in without SEBSD-specific
   changes, but some extensions to the MAC Framework have been required;
   these changes are developed in the SEBSD development branch, then merged
   to the MAC branch as they mature, and then to the FreeBSD development
   tree.

   Unlike other MAC Framework policy modules, the SEBSD module falls under
   the GPL, as it is derived from NSA's implementation. However, the eventual
   goal is to support plugging SEBSD into a base FreeBSD install without any
   modifications to FreeBSD itself.

   TrustedBSD SEBSD development branch in Perforce integrated to 5.2-RELEASE.
   Other changes in the MAC branch, including restructuring of MAC Framework
   files also integrated, and a move to zone allocation for labels. See the
   TrustedBSD MAC Framework report for more detail on these and other MAC
   changes that also affect the SEBSD work.

   FreeBSD PTY code modified so that the MAC Framework and SEBSD module can
   create pty's with the label of the process trying to access them. Improves
   compatibility with the SELinux sample policy. (Not yet merged)

   SEBSD now loads its initial policy in the boot loader rather than using a
   dummy policy until the root file system is mounted, and then loading it
   using VFS operations. This avoids initial labeling and access control
   conditions during the boot.

   security_load_policy() now passes a memory buffer and length to the
   kernel, permitting the policy reload mechanisms to be shared between the
   early boot load and late reloads. The kernel SEBSD code now no longer
   needs to perform direct file I/O relating to reading the policy.
   checkpolicy now mmap's the policy before making the system call.

   SEBSD now enforces protections on System V IPC objects and methods. Shared
   memory, semaphores, and message queues are labeled, and most operations
   are controlled. The sample policy has been updated.

   The TrustedBSD MAC Framework now controls mount, umount, and remount
   operations. A new MAC system call, mac_get_fs() can be used to query the
   mountpoint label. lmount() system call allows a mount label to be
   explicitly specified at mount time. The SEBSD policy module has been
   updated to reflect this functionality, and sample TE policy has been
   updated. (Not yet merged)

   SEBSD now enforces protections on POSIX semaphores; the sample policy has
   been updated to demonstrate how to label and control semaphores. This
   includes sample rules for PostgreSQL.

   The SEBSD sample policy, policy syntax, and policy tools have been updated
   to the SELinux code drop from August. Bmake these pieces so we don't need
   gmake.

   Provide file ioctl() MAC Framework entry point and SEBSD implementation.

   A large number of sample policy tweaks and fixes. The policy has been
   updated to permit cron to operate properly. It has been updated for
   FreeBSD 5.2 changes, including dynamically linked root. Teach the sample
   policy about FreeBSD's sendmail wrapper.

   Adapt sysinstall and install process for SEBSD pieces. Teach sysinstall,
   newfs, et al, about multilabel file systems, install SEBSD sample policy
   pieces, build policy. Automatically load the SEBSD module on first boot
   after install.

   Allow "ls -Z" to print out labels without long format.

     ----------------------------------------------------------------------

TrustedBSD Access Control Lists (ACLs)

   URL: http://www.trustedbsd.org/components.html#acls

   Contact: Robert Watson <rwatson at FreeBSD.org>
   Contact: TrustedBSD Discussion Mailing List
   <trustedbsd-discuss at TrustedBSD.org>

   TrustedBSD Access Control Lists (ACLs) provide extended discretionary
   access control support for the UFS and UFS2 file systems on FreeBSD. They
   implement POSIX.1e ACLs with some extensions, and meet the Common Criteria
   CAPP requirements. Most ACL-related work is complete, with remaining tasks
   associated with userspace integration, third party applications, and
   compatibility.

   Prototyped Solaris/Linux semantics for combining ACLs and the umask: if a
   default ACL mask is defined, substitute that mask for the umask,
   permitting ACLs to override umasks. (Not merged)

     ----------------------------------------------------------------------

TrustedBSD Audit

   URL: http://www.trustedbsd.org/components.html#audit

   Contact: Robert Watson <rwatson at FreeBSD.org>
   Contact: TrustedBSD Audit Discussion List
   <trustedbsd-audit at TrustedBSD.org>

   The TrustedBSD Project is producing an implementation of CAPP compliant
   Audit support for use with FreeBSD. Little progress was made on this
   implementation between October and December other than an update to the
   existing development tree. However, in January, work began on porting the
   Darwin Audit implementation to FreeBSD. Details on this work will appear
   in the next report; more information is available on the TrustedBSD audit
   discussion list. Perforce messages may be seen on the trustedbsd-cvs
   mailing list.

     ----------------------------------------------------------------------

TrustedBSD Documentation

   URL: http://www.TrustedBSD.org/docs.html

   Contact: Robert Watson <rwatson at FreeBSD.org>
   Contact: TrustedBSD Discussion Mailing List
   <trustedbsd-discuss at TrustedBSD.org>

   The TrustedBSD Project is implementing many new features for the FreeBSD
   Project. It also provides documentation for users, administrators, and
   developers.

   mac_support.4 added -- documents TrustedBSD MAC Framework feature
   compatibility. See also the MAC Framework report.

   FreeBSD security architecture updated and corrections/additions made.

   A variety of documentation updates relating to API changes, including the
   socket-related API changes in libc/mac(3).

     ----------------------------------------------------------------------

TrustedBSD Mandatory Access Control (MAC)

   URL: http://www.trustedbsd.org/mac.html

   Contact: Robert Watson <rwatson at FreeBSD.org>
   Contact: TrustedBSD Discussion Mailing List
   <trustedbsd-discuss at TrustedBSD.org>

   The TrustedBSD Mandatory Access Control (MAC) Framework permits the
   FreeBSD kernel and userspace access control policies to be adapted at
   compile-time, boot-time, or run-time. The MAC Framework provides common
   infrastructure components, such as policy-agnostic labeling, making it
   possible to easily develop and distribute new access control policy
   modules. Sample modules include Biba, MLS, and Type Enforcement, as well
   as a variety of system hardening policies.

   TrustedBSD MAC development branch in Perforce integrated to 5.2-RELEASE.

   The TrustedBSD MAC Framework now enforces protections on System V IPC
   objects and methods. Shared memory, semaphores, and message queues are
   labeled, and most operations are controlled. The Biba, MLS, Test, and Stub
   policies have been updated for System V IPC. (Not yet merged)

   The TrustedBSD MAC Framework now enforces protections on POSIX semaphore
   objects and methods. The Biba, MLS, Test, and Stub policies have been
   updated. (Not yet merged)

   The TrustedBSD MAC Framework's central kernel implementation previously
   existed in one large file, src/sys/kern/kern_mac.c. It is now broken out
   into a series of by-service files in src/sys/security/mac.
   src/sys/security/mac/mac_internal.h specifies APIs, structures, and
   variables used internally across the different parts of the framework.
   System calls and registration still occur in kern_mac.c. This permits
   easier maintenance of locally added object types. (Merged)

   Break out mac_policy_list into two different lists, one to hold "static"
   policy modules -- ones loaded prior to kernel initialization, and that may
   not be unloaded, and one for "dynamic" policy modules -- that are either
   loaded later in boot, or may be unloaded. Perform less synchronization
   when using static modules only, reducing overhead for entering the
   framework when not using dynamic modules. (Merged)

   Introduced a kernel option, MAC_STATIC, which permits only statically
   registered policy modules to be loaded at boot or compiled into the
   kernel. When running with MAC_STATIC, no internal synchronization is
   required in the MAC Framework, lowering the cost of MAC Framework entry
   points. (Not yet merged)

   Make mac.h userland API definition C++-happy. (Merged)

   Created mac_support.4, a declaration of what kernel and userspace features
   are (and aren't) supported with MAC. (Not yet merged)

   Stale SEBSD module deleted from MAC branch; SEBSD module will solely be
   developed in the SEBSD branch from now on. See the TrustedBSD SEBSD report
   for more detail.

   Use only pointers to 'struct label' in various kernel objects outside the
   MAC Framework, and use a zone allocator to allocate label storage. This
   permits label structures to have their size changed more easily without
   changing the normal kernel ABI. This also lowers the non-MAC memory
   overhead for base kernel structures. This also simplifies handling and
   storage of labels in some of the edge cases where labels are exposed
   outside of the Framework, such as in execve(). Include files outside of
   the Framework are substantially simplified and now frequently no longer
   require _label.h. (Merged)

   Giant pushed down into the MAC Framework in a number of MAC related system
   calls, as it is not required for almost all of the MAC Framework. The
   exceptions are areas where the Framework interacts with pieces of the
   kernel still covered by MAC and relies on Giant to protect label storage
   in those structures. However, even in those cases, we can push Giant in
   quite a bit past label internalization/externalization/storage
   allocation/deallocation. This substantially simplifies file
   descriptor-based MAC label system calls. (Merged)

   Remove unneeded mpo_destroy methods for Biba, LOMAC, and MLS since they
   cannot be unloaded. (Merged)

   Biba and MLS now use UMA zones for label allocation, which improves
   storage efficiency and enhances performance. (Merged)

   Bug fix for mac_prepare_type() to better support arbitrary object label
   definitions in /etc/mac.conf. (Merged)

   Labels added to 'struct inpcb', which represents TCP and UDP connections
   at the network layer. These labels cache socket labels at the application
   layer so that the labels may be accessed without application layer socket
   locks. When a label is changed on the socket, it is pushed down to the
   network layer through additional entry points. Biba, MLS policies updated
   to reflect this change. (Merged)

   SO_PEERLABEL socket option fixed so that peer socket labels may be
   retrieved. (Merged)

   mac_get_fd() learns to retrieve local socket labels, providing a simpler
   API than SO_LABEL with getsockopt(). mac_set_fd() learns about local
   socket labels, providing a simpler API than SO_LABEL with setsockopt().
   This also improves the ABI by not embedding a struct label in the socket
   option arguments, instead using the copyin/copyout routine for labels used
   for other object types. (Merged)

   Some function names simplified relating to socket options. (Merged)

   Library call mac_get_peer() implemented in terms of getsockopt() with
   SO_PEERLABEL to improve API/ABI for networked applications that speak MAC.
   (Merged)

   mac_create_cred() renamed to mac_cred_copy(), similar to other label
   copying methods, allowing policies to implement all the label copying
   methods with a single function, if desired. This also provides a better
   semantic match for the crdup() behavior. (Merged)

   Support "id -M", similar to Trusted IRIX. (Not yet merged)

   TCP now uses the inpcb label when responding in timed wait, avoiding
   reaching up to the socket layer for label information in otherwise
   network-centric code.

   Numerous bug fixes, including assertion fixes in the MAC test policy
   relating to execution and relabeling. (Merged)

     ----------------------------------------------------------------------

Wireless Networking Support

   Contact: Sam Leffler <sam at FreeBSD.org>

   Work to merge the NetBSD and MADWIFI code bases is almost complete. This
   brings in new features and improves sharing which will enable future
   development. Support was added for 802.1x client authentication (using the
   open1x xsupplicant program) and for shared key authentication (both client
   and AP) which improves interoperability with systems like OS X. The awi
   driver was updated to use the common 802.11 layer and the Atheros driver
   received extensive work to support hardware multi-rate retry. Kismet now
   works with the device-independent radiotap capture format. All of this
   work is still in Perforce but should be committed to CVS soon.

   Work has begun on full 802.1x and WPA support.

     ----------------------------------------------------------------------


