Adding new top-level section to Developer's Handbook: System Architecture?
Robert Watson
rwatson at FreeBSD.org
Mon May 19 18:54:35 UTC 2003
As part of the Network Associates Laboratories CBOSS contract with DARPA
to improve FreeBSD system security, we have a task to write a FreeBSD
Security Architecture. We're preparing to make the first draft of this
document available -- it provides a high level view of how security
services in the kernel and userland operate, talks about bullet security
features, adaptation of FreeBSD security to particular tasks, etc. Right
now, our thought is to make it a chapter in the Developer's Handbook.
Unfortunately, it wasn't immediately clear where it should go. Today, the
structure of the document is:
I Basics
II Inter-Process Communication
III Kernel
"FreeBSD Security Architecture" fits poorly into any of these categories:
it's not basic, it's not IPC (although it talks a bit about IPC), and it's
not strictly kernel since it talks fairly extensively about the
integration of the user security elements. My first pass temptation was
to change the format to be more like the following:
I Basics
II Inter-Process Communication
III High-Level Architecture
IV Kernel
And stick in the secarch chapter as the (currently) sole section of III.
At some point, I'd also like to copy the SMP arch document into this tree,
although that's more strictly a kernel thing.
I'm not sure adding a High Level Architecture section is the long term
solution. The long term solution might be to break it into two books --
one on developing/debugging FreeBSD, and the other on developing/debugging
on FreeBSD. Or perhaps an Architecture/design book separate from a
practices and procedures book.
Regardless, would anyone object to my taking the above described strategy
for the time being, when I bring in the current draft?
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
More information about the freebsd-doc
mailing list