Updating FreeBSD to TrustedBSD
Robert Watson
rwatson at FreeBSD.org
Thu May 6 01:38:31 GMT 2004
On Mon, 3 May 2004, bogdan wrote:
> I started cvsupping trustedbsd to /usr/p4cvs and I've noticed it has
> the same directories as /usr/src. Can I cvsup trustedbsd to /usr/src
> thus downloading only updated files?
As far as I know, there's not really a good way to do this using cvsup, as
cvsup won't be able to tell based on version information which versions
are equivilent, and which aren't. So this means you're basically stuck
cvsuping the entire thing, although perhaps there is a way to tell it to
download only the kernel source (which is where most of the changes are,
currently). That said, the trustedbsd_mac branch is actually very close
to the main FreeBSD CVS HEAD right now -- the majority of the large
changes are in the trustedbsd_sebsd branch. Here's a brief summary
changes between the CVS HEAD and the trustedbsd_mac HEAD:
- The device file system is modified to provide more complete path
information to the MAC Framework.
- System V IPC and POSIX Semaphores have security labels and MAC policy
modules can maintain labels and control access on these objects. The
various label-based policy modules now control them.
- The NFS server uses real credential references as opposed to embedded
credential structures.
- The wait()-related system calls can be controlled by MAC policies, and
are controlled by our label-based policies.
- MAC policies can inspect CIPSO tags and update mbuf labels based on
them. No policies currently implement this entry point. There isn't
currently a way for policies to insert CIPSO labels on locally generated
packets.
- A number of additional network components are updated to support MAC
better, including kernel PPP, SPPP.
- The Biba and MLS label formats allow you to express sequential
compartment ranges in a more compact format.
- The kernel UFS2 implementation is more resilient to on-disk corruption
of extended attributes. The userspace file system checking code is able
to detect UFS2 extended attribute corruption.
- The ls(1) command can display labels for files without being used with
the "long" format (-l).
- mac_support(4) man page is a work in progress, but attempts to document
what is (and is not) supported in a MAC configuration.
- sysinstall(8) supports configuring file systems as multi-label file
systems from creation.
- login.conf(5) now supports a 'ttylabel' field that is used by login(1)
command to set tty labels when the user logs in.
- inetd(8) has an improved ability to run commands/daemons with specific
labels.
- The diskless environment uses multi-label file systems for memory file
systems.
The SEBSD branch has the larger changes, which are (at a high level) as
follows:
- SEBSD policy module :-). Port of FLASK/TE based on SELinux.
- Sample Type Enforcement policy, label specification derived from
SELinux.
- libsebsd support library based on libselinux, although somewhat modified
as the MAC Framework offer system calls for label management on many
objects.
- SEBSD policy tools -- checkpolicy, et al.
- Ability to specify a specific label for a new file system at mount using
a flag to mount(8) (and the mount system call). Also a system call to
retrieve the MAC label on a file system.
- All references to suser() replaced with calls to cap_check() and
explicit POSIX.1e privileges so that MAC policy modules can control
privileges granted in the kernel.
- Labels on file descriptors (struct file), as well as access controls.
This was required by FLASK/TE which wishes to control file descriptors
as a means of communication/control.
- Modifications to the pty driver so that pty devices allocated are
assigned the label of the process opening them. This work is incomplete
as we also need to immediately recycle a pty once it's done being used
so that the label is reset.
- Additional protect checks and labeling related to file system
mountpoints and operations (mount, unmount, remount).
- sysinstall(8) modified to exclude features not currently supported or
built with our SEBSD distribution.
So if you're not going to be using these features, you probably can run on
the CVS HEAD without a problem. We're working on preparing these features
for merging prior to FreeBSD 5.3.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Senior Research Scientist, McAfee Research
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list