How to bring au_to_attr(3) back to the userland?

Robert N. M. Watson rwatson at FreeBSD.org
Fri Sep 23 10:19:29 UTC 2016


On 23 Sep 2016, at 11:09, Konrad Witaszczyk <def at freebsd.org> wrote:

>> I guess you have two choices:
>> 
>> (1) Retain existing KPIs to slightly ease merging to FreeBSD and Mac OS X; they can adopt the new in-kernel interfaces when ready.
> 
> I think it won't be hard to adopt the changes in the FreeBSD kernel together
> with the changes in libbsm. Would you still consider it as an issue because of
> macOS if we fix it in FreeBSD? I don't know how important it is to their
> developers to stick with the current OpenBSM implementation.


While the kernel and userspace share code from OpenBSM in both FreeBSD and Mac OS X, it’s useful to be able to upgrade userspace without necessarily changing kernel code — e.g., if security patches are required in parsing, etc. I think it would be best to differentiate the new programming interface by giving it a new name, and keeping the existing interface, but marked to be removed at a future date. We could even discourage its use by making it #ifdef OPENBSM_DEPRECATED or such, requiring that it be explicitly enabled to be available to hint to those doing merges that it’s time to move to the new KPI.

Robert

