Re: Pending TrustedBSD stuff, etc.


On Fri, 1 Jun 2007, Robert Watson wrote:

On my TODO list still:

This was supposed to go to re@, but current@ seems as reasonable a place to send it as any.

Robert N M Watson
Computer Laboratory
University of Cambridge


(1) Enable audit by default. Currently I'm working on an patch that moves the
per-process audit state into the process credential, which both improves
audit performance for threaded apps, and also eliminates an extra memory
allocation per process fork. Once that's reviewed/tested, I'll do the
AUDIT enabled by default thing.

(2) Finish eliminating SUSER_ALLOWJAIL. This is a purely syntactic patch in
that SUSER_ALLOWJAIL actually no longer does anything, but it touches a
significant percentage of kernel privilege checks, so requires careful
testing and review. This patch is in flight now also.

(3) I might do one more minor OpenBSM import -- no real functional changes,
but documentation tweaks and cleanups, especially to the man pages.

Things I would like to see happen, but may not get to:

- For years, several of us have wanted to bump the System V IPC ABI to use
full-size uid's, etc. I laid the groundwork for this in 5.x by starting to
divorce the kernel and userspace data structures, but it's never happened.
We would provide binary system call compatibility to previous FreeBSD
versions, but because as the new API introduces new ABI system calls (etc)
it's somewhat disruptive, so can only happen on a major version number
change.

- Peter Wemm has been talking about moving us to 64-bit inode numbers for
years; with the advent of very large file systems and their presumed
popularity over the coming 3-5 years, it would be really good to have this
in 7.0 or it will have to wait for 8.0. However, this is quite a disruptive
change, as it requires package rebuilds, etc, and we're almost out of time.

Robert N M Watson
Computer Laboratory
University of Cambridge

_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Problems with auditd -- resolved
    ... Thank you for that quick fix Robert, but sadly I am still somewhat at a loss. ... The first thing to look at is whether the audit library and commands are having trouble parsing your configuration files for some reason -- maybe there is extra white space, and we need to increase tolerance of unexpected white space, for example. ... +#ifdef USE_BSM_AUDIT ...
    (freebsd-stable)
  • Re: panic in rt_check_fib()
    ... On Sat, 13 Sep 2008, Robert Watson wrote: ... included all the changes up to 182743 panics with: ... Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from ...
    (freebsd-current)
  • Re: Consistent file system hang with RELENG_6 of today ...
    ... >> thread shown in the show pcpu output ... >> what process is shown as running and what state it is in, and using DDB, ... >> Robert N M Watson ...
    (freebsd-stable)
  • Re: ie6sp1 : Repair Function Blocked - Anyone know of a fix?
    ... Robert Aldwinckle wrote: ... >> a) Prospective Ram Problem in a dependent module. ... It may have been trapped so Dr Watson wasn't called. ... > trace the flow up to the crash. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: ie6sp1 : Repair Function Blocked - Anyone know of a fix?
    ... Robert Aldwinckle wrote: ... >> a) Prospective Ram Problem in a dependent module. ... It may have been trapped so Dr Watson wasn't called. ... > trace the flow up to the crash. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)