sample 5.3 based trusted os ;-)
Ilmar S. Habibulin
ilmar at watson.org
Wed Jan 19 08:40:34 GMT 2005
http://www.watson.org/~ilmar/download/trustedos.tbz
This patch is for 5.3, it adds:
- trustedbsd sysv mac support
- audit2 hacked (working audit)
- NFS server cred MAC hack (prevent kernel panic in nfsd with MAC enabled
and mkdir/creat op)
- network packet labeling (CIPSO & IPSec)
audit2 is working audit implementation with kernel record to bsm token
convertion, MAC label (slabel) support. Most syscalls are audited.
I hope part of this will help trustedbsd become more stable and
functional. By the way, i had to change audit vnpath/upath functions,
because i've got strange panics in audit_worker thread while audit tailq
processing. The panic was triggered by vn_fullpath() calls. So i simply
replaced it with bcopy. You can try 'make buildworld' stress test under
trustedbsd-audit3 and i think it will panic. If not, then just add some
vnpath audit call to syscalls.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list