sample 5.3 based trusted os ;-)

bugghy bugghy at home.ro
Mon Jan 24 18:43:59 GMT 2005 

--------------------------
|diff
-druN ./sys/security/mac/mac_posix_sem.c /home/ilmar/trustedos/src/sys/security/mac/mac_posix_sem.c
|--- ./sys/security/mac/mac_posix_sem.c Fri Oct  1 12:22:30 2004
|+++ /home/ilmar/trustedos/src/sys/security/mac/mac_posix_sem.c Mon Dec
27 01:50:35 2004
--------------------------
File to patch:
...
--------------------------
|diff
-druN ./usr.sbin/auditconfig/do_functions.c /home/ilmar/trustedos/src/usr.sbin/auditconfig/do_functions.c
|--- ./usr.sbin/auditconfig/do_functions.c      Thu Sep  9 17:49:30 2004
|+++ /home/ilmar/trustedos/src/usr.sbin/auditconfig/do_functions.c
Tue Dec 28 17:40:56 2004
--------------------------
File to patch: 
...
--------------------------
|diff
-druN ./usr.sbin/setkey/mac.c /home/ilmar/trustedos/src/usr.sbin/setkey/mac.c
|--- ./usr.sbin/setkey/mac.c    Wed Oct  6 16:23:45 2004
|+++ /home/ilmar/trustedos/src/usr.sbin/setkey/mac.c    Tue Dec 28
17:50:24 2004
--------------------------

mac_posix_sem.c do_functions.c and mac.c don't exist in RELEASE-p5 src

On Wed, 2005-01-19 at 03:40 -0500, Ilmar S. Habibulin wrote:
> http://www.watson.org/~ilmar/download/trustedos.tbz
> 
> This patch is for 5.3, it adds:
> - trustedbsd sysv mac support
> - audit2 hacked (working audit)
> - NFS server cred MAC hack (prevent kernel panic in nfsd with MAC enabled
>   and mkdir/creat op)
> - network packet labeling (CIPSO & IPSec)
> 
> audit2 is working audit implementation with kernel record to bsm token
> convertion, MAC label (slabel) support. Most syscalls are audited.
> 
> I hope part of this will help trustedbsd become more stable and
> functional. By the way, i had to change audit vnpath/upath functions,
> because i've got strange panics in audit_worker thread while audit tailq
> processing. The panic was triggered by vn_fullpath() calls. So i simply
> replaced it with bcopy. You can try 'make buildworld' stress test under
> trustedbsd-audit3 and i think it will panic. If not, then just add some
> vnpath audit call to syscalls.
> 
> 
> To Unsubscribe: send mail to majordomo at trustedbsd.org
> with "unsubscribe trustedbsd-discuss" in the body of the message
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/trustedbsd-discuss/attachments/20050124/9b4ea722/attachment.bin

More information about the trustedbsd-discuss mailing list