How about placeholder entrypoints in the coming FreeBSD 6.0?

[Robert Watson]

On Thu, 20 Oct 2005, Yanjun Wu wrote:

> Our small team aims to provide security features for FreeBSD stable 
> version. SEBSD(from the recent sebsd perforce branch) currently is our 
> preferable choice. When looking into mac_policy.h in 6.0beta4, I saw 
> many entrypoints in the mac_policy_ops are like _mpo_placeholderN(void), 
> and they are actually entrypoints used by SEBSD. The 6.0 Release is 
> coming soon. Will it replace these placeholders with the entrypoints of 
> SEBSD, or just remove them?

Yanjun,

The intent of the placeholder entry points in 6.0 is to allow additional 
entry points from the MAC and SEBSD branches to be merged to CVS (HEAD and 
RELENG_6) without changing the ABI for security modules.  Obviously, older 
security modules won't gain the ability to implement new entry points, but 
they at least won't find themselves implementing entry points they don't 
expect.  The merges of those entry points will happen sometime after 6.0, 
but hopefully during the life span of the 6.x branch.  Right now the entry 
points fall into a number of areas, from system call enter/exit entry 
points, to entry points relating to file descriptor labeling, to entry 
points associated with file system mounts.  I expect they will trickle in 
as we become more confident about their implementations.

Thanks,

Robert N M Watson
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message