capabilities impletementation?
Yanjun Wu
yanjun03 at ios.cn
Tue Nov 29 12:17:41 GMT 2005
I have written "SEBSD Getting Started HOWTO" for the past Google Summer of
Code. The PDF version is attached. Hope it useful for anyone who would like
to involve SEBSD development and test.
Now I am trying to merge SEBSD into FreeBSD 6.0 Release in my local machine.
Most of things in current SEBSD branch seems OK to directly port to FreeBSD
6.0R, except for create_devfs_xxx and mount related entrypoints Robert had
mentioned before.
On Monday 28 November 2005 14:01, Robert Watson wrote:
>
> So an interesting question is -- if we want to move forward with the
> POSIX.1e privilege/capability implementation, do we want to attempt to
> make it a MAC module, or do we want to keep the implementation separate.
> Right now, the trustedbsd_cap branch is quite dated, but probably isn't
> all that hard to update. It does depend on changes that are also present
> in the SEBSD branch, so there is the potential to combine efforts. On the
> other hand, there are lots of changes required for both that are
> dependencies of only one -- for example, the type enforcement related
> changes in user space aren't required for the capability implementation.
> My leaning would be to keep them in different work areas, but to share as
> much of the implementation as possible.
>
> If it would make it easier, it's pretty straight forward to arrange
> perforce accounts for both of you so you can get to and work on the
> TrustedBSD branches in Perforce. If you could coordinate with Scott on
> SEBSD though, this would be great. I know that Yanjun Wu is also quite
> interested in the SEBSD work, and has had his hands in some local
> implementation work relating to SEBSD. Yanjun is also already set up with
> Perforce access.
>
> The most recent integration dates for the various branches are currently:
>
> trustedbsd base 20051110
> trustedbsd audit3 20050926
> trustedbsd mac 20051110
> trustedbsd sebsd 20050710
>
> The CAP branch may well last have been integrated in 2001. For that, it
> might be worth starting with a cap2 branch integrated from
> trustedbsd_base, and then propagating specific changes to it from the
> SEBSD and CAP branches.
>
> Robert N M Watson
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SEBSD_HOWTO.pdf
Type: application/pdf
Size: 92472 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/trustedbsd-discuss/attachments/20051129/cccf60d6/SEBSD_HOWTO.pdf
More information about the trustedbsd-discuss
mailing list