PERFORCE change 16684 for review

Robert Watson rwatson at
Sat Sep 7 02:33:54 GMT 2002

On Thu, 5 Sep 2002, Chris Costello wrote:

> On Tuesday, August 27, 2002, Robert Watson wrote:
> >
> > 
> > Change 16684 by rwatson at rwatson_paprika on 2002/08/27 22:16:33
> > 
> > 	Adopt consistent sorting of new pre-syscall entry point
> > 	as found in mac (store with other process-related entry
> > 	points rather than in the access control section).
>    What does this help, and can/will it be broken up into a set of entry
> points more in-line with what we have now?  This seems to stick out like
> a sore thumb... 

We have a bunch of functional changes in the queue, but once those are in
the tree, I'd actually like to do another pass at renaming and reordering
the entry points.  The access control entry points are now largely right
(there are a few oddities involving the VM calls though).  I'd like to
make the event entry points sort in a similar manner.  In particular,
sorted by object type in the form:


Similar to the checks, which are in the form:


Before that we have at least the following in the queue:

  Port of lomac to the MAC framework
  Pipe lock fixing
  Merge new userland API to the trustedbsd_mac tree
  Fix VFS locking and handling of labels on vnodes

Right now all that's really holding up the userland code is that it
requires certain binaries that are currently statically linked to be able
to dlopen() MAC modules, which we can't do right now.  This will be
required to do the nsswitch support also, as well as certain classes of
internationalization.  It's not quite clear what the answer is right
now--at least temporarily, it may be to break out this functionality into
a seperate usr.sbin/macctl, which is a shame, since interface labeling
really does belong in ifconfig.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at      Network Associates Laboratories

To Unsubscribe: send mail to majordomo at
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list