Re: MAC Framework KPI changes on the way in 8-CURRENT

From: Robert Watson <rwatson_at_FreeBSD.org>
Date: Wed, 24 Oct 2007 19:50:48 +0100 (BST)

On Wed, 24 Oct 2007, Alexandre Biancalana wrote:

>> I'll post regexp's to trustedbsd-discuss in a few days once it's all sorted 
>> through.  I realize this is somewhat disruptive for policy maintainers, and 
>> apologize for that.  However, the new naming scheme is both significantly 
>> more sensible than the old one (which was evolved rather than designed), 
>> and also will allow us to more easily make use of Mac OS X security policy 
>> modules that may be made available as open source.  If you are a policy 
>> maintainer and have any trouble getting over the bump, please let me know 
>> and I'll be happy to lend a hand.  I had hoped to get these changes in for 
>> 7.x, but due to some rather unfortunate timing of things outside the 
>> FreeBSD world, that was not possible.
>
> Thank you so much for your work!
>
> Excuse me for "hijacking" your post, but I think that the question is 
> pertinent...
>
> Is there any news about the NFSv4 ACL implementation in FreeBSD?

It's on the list of things I'd very much like to make happen for 8.0, but it 
was also on my list of things I'd very much like to have happened for 7.0, 
so... :-).  Last time I started work on this, Sun had just released an IETF 
draft starting to clarify the semantics of NFSv4 ACLs.  Previously, the RFCs 
for NFSv4 had sort of said "Look at Windows", which wasn't all that helpful 
from an implementation perspective.  That draft body is now being incorporated 
into the new NFSv4 RFC, and makes a better starting point.  I did do some of 
the initial work in the kernel to start breaking out the POSIX.1e ACL parts 
from the general ACL framework, but more needs to be done, including 
generalizing the system call ABI a bit more.

I think the first step, though, is for someone to implement NFSv4 ACL code in 
user space to get/set/test ACLs in various ways, and make sure that the 
semantics we'll put in the kernel are clear and well-defined.

Robert N M Watson
Computer Laboratory
University of Cambridge
Received on Wed Oct 24 2007 - 16:51:02 UTC
