capabilities implementation?

Joey Try jiayong02 at iscas.cn
Tue Nov 29 06:20:42 GMT 2005


Yes, how can I join you?
I have some questions about the cap implementation in TrustedBSD; is there 
anyone who would direct us?



>
>On Fri, 25 Nov 2005, Dingo wrote:
>
>> Robert, Scott?? You guys want to give a bit of insight, see if we can 
>> co-ordinate this between me and Joey? I think we are willing to pitch in 
>> more. I know I've been pounding SeBSD into submission; where can we merge 
>> and bring forth the efforts faster?? And yes, Scott, a diff drop point 
>> would be good for me.
>
>So an interesting question is -- if we want to move forward with the 
>POSIX.1e privilege/capability implementation, do we want to attempt to 
>make it a MAC module, or do we want to keep the implementation separate. 
>Right now, the trustedbsd_cap branch is quite dated, but probably isn't 
>all that hard to update.  It does depend on changes that are also present 
>in the SEBSD branch, so there is the potential to combine efforts.  On the 
>other hand, there are lots of changes required for both that are 
>dependencies of only one -- for example, the type enforcement related 
>changes in user space aren't required for the capability implementation. 
>My leaning would be to keep them in different work areas, but to share as 
>much of the implementation as possible.
>
>If it would make it easier, it's pretty straightforward to arrange 
>perforce accounts for both of you so you can get to and work on the 
>TrustedBSD branches in Perforce.  If you could coordinate with Scott on 
>SEBSD though, this would be great.  I know that Yanjun Wu is also quite 
>interested in the SEBSD work, and has had his hands in some local 
>implementation work relating to SEBSD.  Yanjun is also already set up with 
>Perforce access.
>
>The most recent integration dates for the various branches are currently:
>
>trustedbsd base		20051110
>   trustedbsd audit3	20050926
>   trustedbsd mac	20051110
>   trustedbsd sebsd	20050710
>
>The CAP branch may well last have been integrated in 2001.  For that, it 
>might be worth starting with a cap2 branch integrated from 
>trustedbsd_base, and then propagating specific changes to it from the 
>SEBSD and CAP branches.
>
>Robert N M Watson
>
>
>>
>> On Fri, 2005-11-25 at 16:44 +0800, Joey Try wrote:
>>> Yes, I wish to join you.
>>>
>>> I have studied the mail you forwarded to me; maybe Watson plans to merge CAP
>>> into MAC Framework. I also studied a little of MAC Framework in FreeBSD 6.0,
>>> and found that there are not any cap_check entries, although there is also
>>> capability.h in sys/ directory! I do not know how Robert Watson plans for
>>> this.
>>>
>>>
>>>
>>>
>>>> ----Dingo----
>>>> Well per a previous conversation! Not sure how related it is to CAP but
>>>> as stated below pertaining to SeBSD as a whole. I'm trying to pitch in to
>>>> bring the SeBSD to a more current 6.0 version. If you want to pitch in
>>>> someplace I think the help would be appreciated.
>>>>
>>>> ----SNIP--------
>>>>> So now that 6.0 is cut and RELEASE are there any plans to run a SeBSD
>>>>> snapshot? It would be nice to see something more current as even the
>>>>> previous snapshot was based on a dated early version of 6.). Any plans
>>>>> in the works, I see the base is current, but seBSD tree is still dated
>>>>
>>>> I'm in the process of updating the TrustedBSD base branch to a recent
>>>> 7.x, and hope to finish that in the next few days.  I have plans to then
>>>> merge those changes towards the MAC branch, although that will take some
>>>> time to merge due to some conflicting changes between the base FreeBSD
>>>> tree and MAC branch.  Once those prerequisites are in place, it should
>>>> be possible to begin work on updating SEBSD to a post 6.0-RELEASE state.
>>>> One of the conflicts introduced in earlier work was that FreeBSD has
>>>> made further moves towards using nmount(), which generated conflicts
>>>> with the introduction of a labeled mount system call in the SEBSD
>>>> branch.  With the movement towards nmount(), a special system call for a
>>>> labeled mount is no longer required, as the label can simply become an
>>>> additional nmount() argument.  However, some further tweaking and
>>>> merging of that conversion is required.  In short: currently, no ETA,
>>>> but hopefully in the next month or so.
>>>>
>>>> More hands are certainly welcome :-).  The code in the SEBSD branch
>>>> right now needs to have its update to a slightly older 6.x finished as a
>>>> first step, which basically involves fixing up any continuing disruption
>>>> from the nmount change.
>>>>
>>>> Robert N M Watson
>>>> ------SNIP-------------
>>>>
>>>> On Fri, 2005-11-25 at 15:57 +0800, Joey Try wrote:
>>>>> Hi all, I am researching the POSIX.1e capabilities implementation in TrustedBSD.
>>>>>
>>>>> I only get the trustedbsd-cap source derived from FreeBSD 5.0. Since FreeBSD has released its 6.0 version, I want to know whether there is any updated source, and whether there is anyone I can discuss with?
>>>>>
>>>>> To Unsubscribe: send mail to majordomo at trustedbsd.org
>>>>> with "unsubscribe trustedbsd-discuss" in the body of the message
>>>>
>>>
>>
>
