Is capabilities available now?

traverser at vip.sina.com traverser at vip.sina.com
Sun Feb 15 07:41:18 GMT 2004 

Hi!

  The analysis from Robert Watson and Chris Wright are really great! Helped me a lot. Thank you very much.
  
----- Original Message -----
From:Robert Watson <rwatson at FreeBSD.org>
To:Chris Wright <chrisw at osdl.org>
Subject:Re: Is capabilities available now?
Date:Sat, 14 Feb 2004 04:08:34 +0800
> On Thu, 12 Feb 2004, Chris Wright wrote:

skip

> > >   (2) If the anwser for the above question is 'yes', then why do you
> > >       use this name for the framework ? --MAC, Mandotary Access Control? This
> > >       is just a security module in LSM framework.
> > 
> > The LSM framework is really closer to a MAC framework, as it's primary
> > goal is to support access control models.
> 
> We've been talking about renaming the MAC Framework to indicate that it's
> a general-purpose access control framework (for example, you can implement
> DAC policies quite easily).  However, it's unclear what to rename it to. 
> Functionality such as IPsec and key management, disk crypto, etc, all are
> arguably "security", and so I've shied away from renaming it to be a
> security framework.  And for some reason, AC Framework doesn't do it for
> me either :-).

I think ACF( Access Control Framework ) is pretty good.

> > > (3) I'm especially interested in capabilities. Is capabilities
> > function now available in MAC framework? If yes, where and how can I get
> > the source code of it? 
> > 
> > There is/was a trustedbsd-cap branch with the capabilities code in it. 
> > I believe the trustedbsd-sebsd (port of selinux) branch also has
> > capabilities in it.  AFAIK, it's not in FreeBSD-current yet... 
> 
> This is correct.  In the past, we've developed a pretty mature
> implementation of a variation of POSIX.1e capabilities from FreeBSD,

Is the code still available? Where and how? I really want to see it.

http://www.trustedbsd.org/components.html said:
...but is based on an older FreeBSD 5.0-CURRENT snapshot. Elements of this implementation are being updated for FreeBSD 5.2 and will be available in 2003Q3 as part of the MAC Framework...
What is exactly the current status of TrustedBSD capability?

Thanks

X.H. Beijing
______________________________________

===================================================================

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list