The ports move

[Samy Al Bahra]

We will soon be making an inevitable move with MAC by moving the
TrustedBSD/FreeBSD policies out of the main tree and into the ports
system. To the people who prefer certain modules to be in base, a simple
distribution set can be made for repeated installs. This is done in
hopes to recognize and support 3rd-party policies in a scalable manner.

Ports will be created for:
mac_bsdextended
mac_chkexec
mac_ifoff
mac_lomac
mac_partition
mac_portacl
mac_seeotheruids
mac_suidacl

While, mac_none, mac_stub, mac_test, mac_mls and mac_biba will remain in
base. A patch will be sent for inclusion in the ports system to the
ports team to recognize a proposed API tracking scheme for MAC.

A security.mac.version will be added containing a string value similar
to _FreeBSD_version for 3rd party policies to make use of. The scheme we
will be making use of will use a linear system for -HEAD. For example,
-HEAD will have the special prefix of "99". With every API change in
-HEAD we will increment our counter. So, the version will be "9900000"
at time of import into our tree. If we were to make an API change, we
would bump the -HEAD counter to "9900001". Upon branching for a release,
a new prefix would be created for that branch. For example, at one
point, -HEAD might be at "9900123", if we were to branch it for a 7.X
release, 7.X will have a _MAC_version/security.mac.version of
"700000" (note the implicit zero BTW). API changes would be tracked
across branches elegantly in this manner. If no feedback is provided in
the coming days, we will assume everyone is fine with the above, and the
move will occur with the above plans. The above will pertain to future
policy maintainers in the coming MAC virtual category in ports.

-- 
Samy Al Bahra <samy at kerneled.org>
Kerneled.org

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message