MAC policy module capabilities

Robert Watson rwatson at FreeBSD.org
Tue Feb 17 04:08:46 GMT 2004


On Tue, 17 Feb 2004, Xu Hao wrote:

> (1) Is it true that you cannot use TrustedBSD-MAC and TrustedBSD-CAP at
> the same time? I mean, is it true that a TrustedBSD-MAC kernel does not
> have any capabilities code? They are all independent, aren't they?

Currently, they are two different development branches, but some elements
of the Capability work have been merged into the SEBSD branch as well (the
"category 1" changes in the list I gave above -- each privilege check
categorized into a capability check).

> (2) Is there a TrustedBSD-MAC policy module implementation of
> capabilities? I read from the components page that "Elements of this
> implementation are being updated for FreeBSD 5.2 and will be available
> in 2003Q3 as part of the MAC Framework.". What does that mean? A MAC
> policy module or just part of the MAC framework? And, sorry for my bad
> English, does "2003Q3" mean "the third quarter of 2003"?

It pretty much means we'll merge the capability-related checks to the main
tree so that MAC modules can instrument those checks, but the date has
slipped.  2003Q3 is indeed the third quarter of 2003, but instead I'm
guessing it will be the second quarter of 2004 (i.e., in the next couple
of months).  Messing with the privilege mechanism in an OS is a risky
thing, and I want to make sure we get it right.  I'm also not very
satisfied with the current API -- it's basically a POSIX.1e privilege set
derivative, which means that it's pretty broad in many places, and may not
provide the granularity we need for other policies.  As such, we may want
to replace it with something a bit more fine-grained before we merge.

It also has the downside of not passing in references to the objects being
manipulated, so it asks questions on the order of "Is credential <x>
exempt from DAC write permissions", rather than "Is credential <x> exempt
from DAC write permissions on object <y>". 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research
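Added illustration, not code from the thread or from TrustedBSD/FreeBSD: a hypothetical C sketch of the two hook shapes contrasted above, a credential-only privilege check versus one that also receives the object. All names here (struct layouts, the "compartment" label, the sample users) are constructed for the example.

```c
/* Hypothetical sketch; not the TrustedBSD MAC Framework or POSIX.1e API. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Credential: a coarse POSIX.1e-style privilege bit plus a policy label
 * (the label is invented for this example). */
struct cred {
    const char *user;            /* DAC identity, shown as a name */
    bool        priv_dac_write;  /* coarse "exempt from DAC write" privilege */
    const char *compartment;     /* policy-specific label on the subject */
};

/* Object: DAC owner plus the same kind of label. */
struct object {
    const char *owner;
    const char *compartment;
};

/* Credential-only hook, the shape criticised in the message: the policy
 * can only answer "is credential <x> exempt?", whatever the object is. */
bool dac_write_exempt_coarse(const struct cred *cr)
{
    return cr->priv_dac_write;
}

/* Object-aware hook: with the object passed in, the policy can confine the
 * exemption to objects carrying the subject's own compartment label. */
bool dac_write_exempt_fine(const struct cred *cr, const struct object *obj)
{
    if (!cr->priv_dac_write)
        return false;
    return strcmp(cr->compartment, obj->compartment) == 0;
}

/* DAC write decision: the owner may always write; anyone else needs the
 * privilege, judged by whichever hook shape the caller selects. */
bool may_write(const struct cred *cr, const struct object *obj, bool object_aware)
{
    if (strcmp(cr->user, obj->owner) == 0)
        return true;
    return object_aware ? dac_write_exempt_fine(cr, obj)
                        : dac_write_exempt_coarse(cr);
}

int main(void)
{
    struct cred   admin = { "admin", true, "payroll" };      /* constructed */
    struct object eng   = { "bob", "engineering" };           /* constructed */
    printf("coarse: %d  object-aware: %d\n",
           may_write(&admin, &eng, false), may_write(&admin, &eng, true));
    return 0;
}
```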
