As an FYI to -CURRENT users: I've enabled "options MAC" in the GENERIC kernel in order to allow MAC users to enable security policy modules without a kernel recompile. By default, it shouldn't change the behavior of the system, and should have negligible performance impact. However, if you run into problems, please let me know -- hopefully we'll have lots of time before 8.0 to shake them out. Thanks, Robert N M Watson Computer Laboratory University of Cambridge ---------- Forwarded message ---------- Date: Tue, 2 Jun 2009 18:31:08 +0000 (UTC) From: Robert Watson <rwatson_at_FreeBSD.org> To: src-committers_at_freebsd.org, svn-src-all_at_freebsd.org, svn-src-head_at_freebsd.org Subject: svn commit: r193334 - in head/sys: amd64/conf i386/conf ia64/conf pc98/conf powerpc/conf sparc64/conf sun4v/conf Author: rwatson Date: Tue Jun 2 18:31:08 2009 New Revision: 193334 URL: http://svn.freebsd.org/changeset/base/193334 Log: Remove MAC kernel config files and add "options MAC" to GENERIC, with the goal of shipping 8.0 with MAC support in the default kernel. No policies will be compiled in or enabled by default, but it will now be possible to load them at boot or runtime without a kernel recompile. While the framework is not believed to impose measurable overhead when no policies are loaded (a result of optimization over the past few months in HEAD), we'll continue to benchmark and optimize as the release approaches. Please keep an eye out for performance or functionality regressions that could be a result of this change. Approved by: re (kensmith) Obtained from: TrustedBSD Project Deleted: head/sys/amd64/conf/MAC head/sys/i386/conf/MAC head/sys/ia64/conf/MAC head/sys/pc98/conf/MAC head/sys/powerpc/conf/MAC head/sys/sparc64/conf/MAC head/sys/sun4v/conf/MAC Modified: head/sys/amd64/conf/GENERIC head/sys/i386/conf/GENERIC head/sys/ia64/conf/GENERIC head/sys/pc98/conf/GENERIC head/sys/powerpc/conf/GENERIC head/sys/sparc64/conf/GENERIC head/sys/sun4v/conf/GENERIC Modified: head/sys/amd64/conf/GENERIC ============================================================================== --- head/sys/amd64/conf/GENERIC Tue Jun 2 18:30:09 2009 (r193333) +++ head/sys/amd64/conf/GENERIC Tue Jun 2 18:31:08 2009 (r193334) _at__at_ -70,6 +70,7 _at__at_ options KBD_INSTALL_CDEV # install a CD options STOP_NMI # Stop CPUS using NMI instead of IPI options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options MAC # TrustedBSD MAC Framework #options KDTRACE_FRAME # Ensure frames are compiled in #options KDTRACE_HOOKS # Kernel DTrace hooks Modified: head/sys/i386/conf/GENERIC ============================================================================== --- head/sys/i386/conf/GENERIC Tue Jun 2 18:30:09 2009 (r193333) +++ head/sys/i386/conf/GENERIC Tue Jun 2 18:31:08 2009 (r193334) _at__at_ -71,6 +71,7 _at__at_ options KBD_INSTALL_CDEV # install a CD options STOP_NMI # Stop CPUS using NMI instead of IPI options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options MAC # TrustedBSD MAC Framework #options KDTRACE_HOOKS # Kernel DTrace hooks # Debugging for use in -current Modified: head/sys/ia64/conf/GENERIC ============================================================================== --- head/sys/ia64/conf/GENERIC Tue Jun 2 18:30:09 2009 (r193333) +++ head/sys/ia64/conf/GENERIC Tue Jun 2 18:31:08 2009 (r193334) _at__at_ -40,6 +40,7 _at__at_ options INVARIANTS # Enable calls of ex options INVARIANT_SUPPORT # required by INVARIANTS options KDB # Enable kernel debugger support options KTRACE # ktrace(1) syscall trace support +options MAC # TrustedBSD MAC Framework options MD_ROOT # MD usable as root device options MSDOSFS # MSDOS Filesystem options NFSCLIENT # Network Filesystem Client Modified: head/sys/pc98/conf/GENERIC ============================================================================== --- head/sys/pc98/conf/GENERIC Tue Jun 2 18:30:09 2009 (r193333) +++ head/sys/pc98/conf/GENERIC Tue Jun 2 18:31:08 2009 (r193334) _at__at_ -73,6 +73,7 _at__at_ options _KPOSIX_PRIORITY_SCHEDULING # P options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options MAC # TrustedBSD MAC Framework # Debugging for use in -current options KDB # Enable kernel debugger support. Modified: head/sys/powerpc/conf/GENERIC ============================================================================== --- head/sys/powerpc/conf/GENERIC Tue Jun 2 18:30:09 2009 (r193333) +++ head/sys/powerpc/conf/GENERIC Tue Jun 2 18:31:08 2009 (r193334) _at__at_ -64,6 +64,7 _at__at_ options SYSVSEM #SYSV-style semaphore options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options MAC # TrustedBSD MAC Framework # Debugging for use in -current options KDB #Enable the kernel debugger Modified: head/sys/sparc64/conf/GENERIC ============================================================================== --- head/sys/sparc64/conf/GENERIC Tue Jun 2 18:30:09 2009 (r193333) +++ head/sys/sparc64/conf/GENERIC Tue Jun 2 18:31:08 2009 (r193334) _at__at_ -65,6 +65,7 _at__at_ options SYSVSEM # SYSV-style semaphor options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options MAC # TrustedBSD MAC Framework # Debugging for use in -current options KDB # Enable kernel debugger support. Modified: head/sys/sun4v/conf/GENERIC ============================================================================== --- head/sys/sun4v/conf/GENERIC Tue Jun 2 18:30:09 2009 (r193333) +++ head/sys/sun4v/conf/GENERIC Tue Jun 2 18:31:08 2009 (r193334) _at__at_ -66,6 +66,7 _at__at_ options AHC_REG_PRETTY_PRINT # Print re options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing +options MAC # TrustedBSD MAC Framework # Debugging for use in -current options KDB # Enable kernel debugger support.Received on Tue Jun 02 2009 - 17:12:15 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:49 UTC