Re: Pending TrustedBSD stuff, etc.

From: Robert Watson <rwatson_at_FreeBSD.org>
Date: Fri, 1 Jun 2007 10:35:57 +0100 (BST)
On Fri, 1 Jun 2007, Robert Watson wrote:

> On my TODO list still:

This was supposed to go to re_at_, but current_at_ seems as reasonable a place to 
send it as any.

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> (1) Enable audit by default.  Currently I'm working on an patch that moves 
> the
>    per-process audit state into the process credential, which both improves
>    audit performance for threaded apps, and also eliminates an extra memory
>    allocation per process fork.  Once that's reviewed/tested, I'll do the
>    AUDIT enabled by default thing.
>
> (2) Finish eliminating SUSER_ALLOWJAIL.  This is a purely syntactic patch in
>    that SUSER_ALLOWJAIL actually no longer does anything, but it touches a
>    significant percentage of kernel privilege checks, so requires careful
>    testing and review.  This patch is in flight now also.
>
> (3) I might do one more minor OpenBSM import -- no real functional changes,
>    but documentation tweaks and cleanups, especially to the man pages.
>
> Things I would like to see happen, but may not get to:
>
> - For years, several of us have wanted to bump the System V IPC ABI to use
>  full-size uid's, etc.  I laid the groundwork for this in 5.x by starting to
>  divorce the kernel and userspace data structures, but it's never happened.
>  We would provide binary system call compatibility to previous FreeBSD
>  versions, but because as the new API introduces new ABI system calls (etc)
>  it's somewhat disruptive, so can only happen on a major version number
>  change.
>
> - Peter Wemm has been talking about moving us to 64-bit inode numbers for
>  years; with the advent of very large file systems and their presumed
>  popularity over the coming 3-5 years, it would be really good to have this
>  in 7.0 or it will have to wait for 8.0.  However, this is quite a 
> disruptive
>  change, as it requires package rebuilds, etc, and we're almost out of time.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
>
Received on Fri Jun 01 2007 - 07:35:58 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:11 UTC