PERFORCE change 52083 for review

Robert Watson rwatson at FreeBSD.org
Sun May 2 17:48:32 GMT 2004 

http://perforce.freebsd.org/chv.cgi?CH=52083

Change 52083 by rwatson at rwatson_paprika on 2004/05/02 10:47:40

	Various updates: add new items, upgrade/downgrade items in
	priority list, remove completed or OBE items.

Affected files ...

.. //depot/projects/trustedbsd/mac/MERGE#5 edit

Differences ...

==== //depot/projects/trustedbsd/mac/MERGE#5 (text+ko) ====

@@ -3,9 +3,28 @@
 	devfs changes to pass complete paths of objects into MAC Framework
 	for label initialization.
 
-	LOMAC fixes
+	System V IPC, POSIX Semaphore ABI changes to avoid sharing user
+	  and kernel structures.  Probably need to remove module unload
+	  changes for now.
+
+	System V IPC, POSIX Sempahore MAC changes to permit labeling
+	  and access control by MAC policies.
+
+	ipcs(1) label support.
+
+	MAC_STATIC to optimize performance by removing locking that
+	  supports dynamic policy changes, limiting the system to
+	  statically loaded policies.
+
+	Removal of redundant suser check in kern_xxx.c
+
+	NFS client credential fixes.
+
+	Use inpcb in preference to socket as label source where possible
+	  in netinet.  This helps to avoid the need for socket label
+	  locking in a number of important cases.
 
-	mac_test assertion updates
+	id(1) label support.
 
 Consider to merge TODO:
 
@@ -13,18 +32,12 @@
 
 	pseudofs uses MNT_MULTILABEL always.
 
-	SAVESTART flag in kern_exec.c
-
 	mac_update_mbuf_from_cipso()
 
-	Removal of redundant suser check in kern_xxx.c
-
 	sppp MAC support
 
 	ppp MAC support
 
-	NFS client credential fixes.
-
 	Biba/MLS sequential compartment set support.
 
 	FFS resilience improvements for EA support
@@ -33,17 +46,41 @@
 
 	bsd_add_rule in libugidfw
 
-	tty labeling
-
 	setfsmac in /sbin
 
 	fsck_ffs ea support
 
 	direct exec of rc
 
-	security as a directory in /etc
+	acl.9 expansions
+
+	ls(1) labels without long form
+
+	mac_support.4 man page showing what is (and isn't) supported
+	  with MAC.
+
+	sysinstall(8) support for multi-label file systems.
+
+Probably not to merge, at least not in current form:
+
+	security as a directory in /etc (note: mergemaster handles this
+	  poorly).
+
+	Use multilabel md file systems in the diskless environment.
+
+	rc executable so that there's the possibility of a domain
+	  transition from init.
+
+	tty labeling in login(1)/login.conf(5), init(8).
+
+	Build a MAC kernel by default, include in installs/releases.
+
+	setfsmac(8) reference in sbin rather than usr/sbin.
 
-	acl.9 expansions
+	SAVESTART flag in kern_exec.c -- is this needed?
 
+	missingops?
 
+	truss(1) hexdump support?
 
+	inetd(8) resource limits and labels improvements.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list