heads up: trustedbsd_mac branch unstable for a bit

Robert Watson rwatson at FreeBSD.org
Fri May 31 02:59:16 GMT 2002


I just finished integrating the dynamic labeling changes from green_mac
into the main trustedbsd_mac branch.  As a result, those tracking
trustedbsd_mac may want to wait a few days before updating as the changes
settle in.  We hope to have things settled down again by early next week.

For those interested, the dynamic labeling support written by Brian and
myself permits policies to associate new labeling information with kernel
objects dynamically, without any recompile of the base kernel structures. 
In the existing code, 'struct mac' was hard-coded into the kernel, so
loaded policies generally either couldn't label the objects, or required
struct mac to be updated, reducing the utility of the notion of a loadable
MAC module.  In the new world order, a pre-defined number of label "slots" 
are associated with every object, and may be allocated by policies when
they are loaded.  Policies are given hooks into various life cycle events
for the objects (allocation, various operations that are related to
labeling and access control, destruction), and so can maintain state for
the objects.  Simple policies can use the slot to hold a 'long', but more
complex policies will store pointers in their slot pointing at dynamically
allocated labeling information.  Policies are permitted the opportunity to
provide persistent backing storage for label elements via extended
attributes, if they so desire.  We're in the process of updating the
various MAC policies still, but have examples of both in the tree. 

The userland APIs for the MAC interface have not yet been updated, and so
still speak 'struct mac'.  A useful side effect of this is that you can
use all the current MAC userland tools (and on-disk labels) with the new
framework.  It's fairly straight-forward to write policies that replicate
the behavior of "jail" simply by allocating a small amount of state for
process credentials.  More complex policies may dynamically associate
label state with ucreds, vnodes, sockets, mounts, mbufs, IP fragment
reassembly queues, and more.  We'll be adding labeling to a few more
objects now that this framework is in place, including 'struct file',
'struct pipe', and others.  We'll also be re-working the userland API so
that applications can be aware of the changing policy environment in the
kernel.

In any case, some caution should be used in updating, since several
policies haven't yet been adapted (MLS and TE, in particular).  The system
on the whole seems stable, however, and the framework is now far more
flexible. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services
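
The slot mechanism described in the message, sketched as a small userland model. This is an added example, not code from the message or from the TrustedBSD tree; every name in it (`LABEL_SLOTS`, `policy_load`, `label_init`, `dom_label` and the rest) is hypothetical, and the slot count and label values are constructed.

```c
/* Userland model of label slots; hypothetical names, not the TrustedBSD API. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define LABEL_SLOTS 4                       /* pre-defined slots per object */
struct label { void *slot[LABEL_SLOTS]; };  /* embedded in every object */
struct policy {
    int slot;                               /* assigned at load, -1 if none */
    void (*init)(struct policy *, struct label *);     /* allocation hook */
    void (*destroy)(struct policy *, struct label *);  /* destruction hook */
};
static struct policy *loaded[LABEL_SLOTS];  /* slot index -> owning policy */

/* Loading a policy claims a free slot; fails once all slots are taken. */
int policy_load(struct policy *p) {
    for (int i = 0; i < LABEL_SLOTS; i++)
        if (!loaded[i]) { loaded[i] = p; p->slot = i; return 0; }
    p->slot = -1;
    return -1;
}
/* Object life cycle: each loaded policy sets up and tears down its own slot. */
void label_init(struct label *l) {
    memset(l, 0, sizeof(*l));
    for (int i = 0; i < LABEL_SLOTS; i++)
        if (loaded[i] && loaded[i]->init) loaded[i]->init(loaded[i], l);
}
void label_destroy(struct label *l) {
    for (int i = 0; i < LABEL_SLOTS; i++)
        if (loaded[i] && loaded[i]->destroy) loaded[i]->destroy(loaded[i], l);
}
/* Simple policy: the slot itself holds an integer (constructed value 7). */
static void simple_init(struct policy *p, struct label *l) {
    l->slot[p->slot] = (void *)(intptr_t)7;
}
/* Complex policy: the slot points at dynamically allocated label state. */
struct dom_label { char domain[16]; };
int live_allocs;                            /* outstanding dom_label count */
static void complex_init(struct policy *p, struct label *l) {
    struct dom_label *d = calloc(1, sizeof(*d));
    if (d) { strcpy(d->domain, "unlabeled"); live_allocs++; }
    l->slot[p->slot] = d;
}
static void complex_destroy(struct policy *p, struct label *l) {
    if (l->slot[p->slot]) { free(l->slot[p->slot]); live_allocs--; }
    l->slot[p->slot] = NULL;
}
struct policy simple_policy = { -1, simple_init, NULL };
struct policy complex_policy = { -1, complex_init, complex_destroy };
```

A policy that stores a pointer must also supply the destruction hook, otherwise every labeled object leaks its label state; the integer-in-slot policy needs no teardown.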

