PERFORCE change 109042 for review
Todd Miller
millert at FreeBSD.org
Thu Nov 2 15:50:54 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=109042
Change 109042 by millert at millert_g5tower on 2006/11/02 15:42:24
Don't reference documents not shipped as part of sedarwin.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/README#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/README#4 (text+ko) ====
@@ -1,4 +1,4 @@
-Port of TrustedBSD MAC Framework to Darwin 8.6
+Port of TrustedBSD MAC Framework to Darwin 8.7
SPARTA, Inc
7110 Samuel Morse Drive
@@ -44,7 +44,7 @@
appropriate for use in production environments.
The following modifications have been made relative to Apple's Darwin
-10.4.7 release:
+8.7 release:
- Inclusion of a subset of the MAC Framework entry points to
provide label support and protection of files, processes, System V
@@ -138,10 +138,6 @@
generated in a more intelligent way. In the future, would like to provide
additional automatic policy generation through the use of these tags.
- - The MAC Framework API documentation has been updated; documentation is
- available in the docs/Framework/html/directory.
-
-
New Features in the 20060929 release
=====================================
@@ -248,17 +244,6 @@
- kernel symbol printing has been reenabled.
- - Improved documentation has been included. In particular,
- updates were made to the Design and Implementation document, the
- Policy Module Writing guide, and man pages. A new document
- (ISSO-06-008-Boot.pdf) discusses Boot time improvements made, their
- interaction with the MAC Framework and sample policies with respect to
- boot integrity.
-
- - The MAC Framework API documentation has been updated;
- documentation is available in the docs/Framework/html/
- directory.
-
- The ERRATA has the current list of defects.
@@ -351,14 +336,8 @@
required to include mac.h
- Improved documentation has been included. In particular,
- updates were made to the Design and Implementation document, the
- Policy Module Writing guide, the Testing guide, and the set of
- man pages.
+ updates were made to the man pages.
- - The MAC Framework API documentation has been updated;
- documentation is available in the docs/Framework/html/
- directory.
-
- Some defects that were causing instabilities in the MAC Framework
and MLS policy has been fixed. See ERRATA for the current list of
defects.
@@ -371,9 +350,6 @@
and MLS policy has been fixed. See ERRATA for the current list of
defects.
- - There are changes in the testbed and detailed instructions can be
- found in docs/TestingMacFramework.pdf
-
New Features in the 20051223 release
=====================================
@@ -503,20 +479,7 @@
further automate some of the steps that must be done manually
when using the tarfile installation method.
- - New and improved documentation has been included. In particular,
- a new guide detailing the Design and Implementation of MAC on Darwin 8,
- an updated Policy Module Writing guide, Testing guide and man pages
- for all MAC Framework APIs has been completed.
- - The MAC Framework API documentation has been updated;
- documentation is available in the docs/Framework/html/
- directory.
-
- - Two Review documents have been completed and are included in
- this release. The Application Review and the IOKit Review
- reports are available in the docs/review directory.
-
-
New Features in the 20050930 release
====================================
@@ -560,16 +523,7 @@
- The documentation has been improved. In particular, man pages
for all MAC Framework APIs has been completed.
- - The MAC Framework API documentation has been updated;
- documentation is available in the docs/Framework/html/
- directory.
- - Three Review documents have been completed and are included in
- this release. The Framework Review, the System Boot Review, and
- the KEXT Review reports are available in the docs/review
- directory.
-
-
New Features in the 20050630 release
====================================
@@ -646,12 +600,6 @@
mac_create_sysv_sema -> mac_create_sysv_sem
mac_cleanup_sysv_sema -> mac_cleanup_sysv_sem
- - This release includes the results of the investigation into
- distributed file systems. A paper summarizing the results is
- available as docs/isso-05-0001-DFS.pdf and a prototype
- implementation (using NFS) is available in the src/nfssuite
- directory.
-
- The kernel was modified to provide support for login contexts; a
login context is used to associate both windowed non-graphical
applications with a single user-facing session. In a future
@@ -688,17 +636,9 @@
access control for Mach IPC. Prototype modifications to the MLS
policy to control information flow via Mach IPC.
- - Two documents summarizing the results of experimentation with
- applications making extensive use of Mach IPC describing how
- Mach IPC is used, and the potential impact on mandatory access
- control. The two CMW papers are available in the docs
- directory, named 'cmw-like-security.pdf' and 'MLS-usage.pdf'.
-
- Additional maturing in VFS security; in particular, vn_read,
vn_write, and vn_rdwr access controls were changed.
- - Documentation for all supported MAC Framework entry points is
- available in the docs/Framework/html/ directory.
New Features in Drop 5
======================
@@ -716,10 +656,6 @@
the intent that the build system use consistently uses only the
GNU format.
- - Additional documentation on the test framework and on CMW-like
- access controls for Apple OS X is nearly complete and will be
- separately shipped.
-
New Features in Drop 4
======================
@@ -774,9 +710,7 @@
======================
- Mach IPC tracing facility - The 'ipctrace' policy module causes
- the system to store a log of how IPC is used in Darwin. More
- information on ipctrace can be found in docs/ipctrace.txt.
- Some example results are also included in examples/ipctrace.
+ the system to store a log of how IPC is used in Darwin.
- System V IPC controls and labelling - Darwin's implementation of
System V shared memory and semaphore arrays was extended to
@@ -786,13 +720,11 @@
- Updates to SEDarwin - The SEDarwin policy module was extended to
support System V IPC security. The supplied policy permits IPC
- only between programs running in the same domain. More
- information on the sedarwin module is available in docs/sedarwin.txt.
+ only between programs running in the same domain.
- MLS (Multi-Level Security) policy module - We have ported the
TrustedBSD MLS policy module to the Darwin security
- framework. More information on the macmls module is available
- in docs/macmls.txt.
+ framework.
- Updates to the mactest policy module - We have made improvements
to the mactest module so that it now supports additional entry
@@ -841,13 +773,12 @@
==================
Instructions for building this system may be found in the
-src/dsep-install.txt and src/dsep-install-gui.txt files included
-with the release. The build instructions include references to
-specific versions of Apple-provided operating system software and
-tools; this release is unlikely to work correctly with any other
-revisions of Apple's software, and may behave incorrectly, resulting
-in system failure and/or data loss. The preferred system setup
-procedures are documented in docs/system-setup.txt.
+sefos-install.txt file included with the release. The build
+instructions include references to specific versions of Apple-provided
+operating system software and tools; this release is unlikely to
+work correctly with any other revisions of Apple's software, and
+may behave incorrectly, resulting in system failure and/or data
+loss.
Policy Module Support
More information about the trustedbsd-cvs
mailing list