From john.weeks at sun.com Fri May 2 23:46:21 2008 From: john.weeks at sun.com (John Weeks) Date: Fri, 02 May 2008 23:46:21 -0700 Subject: [fmac-discuss] First FMAC source available Message-ID: <481C0A3D.4040800@sun.com> The first FMAC source installment is now available and can be downloaded from the fmac-gate: hg clone ssh://anon at hg.opensolaris.org/hg/fmac/fmac-gate FMAC Alpha 1 Release Notes These release notes document the Alpha 1 code drop of the Flask/Type Enforcement (TE) code that is based on toolchain/policy Version 15. This code enables the initial policy load operation, but does not yet enable any labeling or access controls for processes or objects. That functionality will be added to future releases. Feature List The following describes features of this Alpha 1 code drop: * The policy file is automatically loaded by the kernel during boot from /etc/security/fmac/ss_policy. * checkpolicy is fully functional and builds with yacc, lex, and m4. * This Alpha 1 release is based on onnv_87. Use the corresponding onbld and closed bins that are available from opensolaris.org at http://dlc.sun.com/osol/on/downloads/b87/. Accessing the FMAC Source Files You can download the Alpha 1 FMAC source code from the fmac-gate: hg clone ssh://anon at hg.opensolaris.org/hg/fmac/fmac-gate The fmac-gate include onnv_87 & FMAC Alpha 1. The following list describes the FMAC specific source locations: usr/src/common/fmac - Policy Flask definitions and security server code shared by user space and the kernel usr/src/cmd/fmac - Policy configuration and user space tools usr/src/uts/common/sys/fmac - Flask headers and generated definitions usr/src/uts/common/fmac - Flask kernel-only code Known Limitations * The source for the policy is in usr/src/cmd/fmac/policy. It has not yet been modified for use with OpenSolaris. * FMAC system calls have not yet been integrated. * setfiles is functional, but the code to get and set file contexts is stubbed out until the library and system calls are implemented. * This code has only been built and verified on x64 using a debug build (stock opensolaris.sh). A build and verification on SPARC is coming in a future code drop. Reporting Bugs For each problem you encounter, send the following information to help the team determine the root cause of the problem: 1. Describe the problem and describe what you were doing when you encountered the problem. NOTE: Give as much information as you can to enable the team to reproduce the problem. 2. Describe your configuration. For example, system type, CPU type. 3. Describe the bits you have installed. For example, run the following command on the system: % cat /etc/motd % cat /etc/release 4. If the problem is a panic, include the stack trace and access to the core file. 5. Send the information in an email message to the fmac-discuss at opensolaris list. NOTE: You must be a member of the list before you can post messages to it. Regards, John & Stephen From darrenm at opensolaris.org Tue May 6 05:10:07 2008 From: darrenm at opensolaris.org (Darren J Moffat) Date: Tue, 06 May 2008 13:10:07 +0100 Subject: [fmac-discuss] First FMAC source available In-Reply-To: <481C0A3D.4040800@sun.com> References: <481C0A3D.4040800@sun.com> Message-ID: <48204A9F.3010209@opensolaris.org> John Weeks wrote: > Reporting Bugs > > For each problem you encounter, send the following information > to help the team determine the root cause of the problem: > > 1. Describe the problem and describe what you were doing when > you encountered the problem. > > NOTE: Give as much information as you can to enable the team > to reproduce the problem. I'd recommend getting a defect.opensolaris.org category setup for logging bugs. -- Darren J Moffat From john.weeks at sun.com Thu May 8 12:31:19 2008 From: john.weeks at sun.com (John Weeks) Date: Thu, 08 May 2008 12:31:19 -0700 Subject: [fmac-discuss] First FMAC source available In-Reply-To: <48204A9F.3010209@opensolaris.org> References: <481C0A3D.4040800@sun.com> <48204A9F.3010209@opensolaris.org> Message-ID: <48235507.4040409@sun.com> Darren J Moffat wrote: > John Weeks wrote: >> Reporting Bugs >> >> For each problem you encounter, send the following information >> to help the team determine the root cause of the problem: >> >> 1. Describe the problem and describe what you were doing when >> you encountered the problem. >> >> NOTE: Give as much information as you can to enable the team >> to reproduce the problem. > > I'd recommend getting a defect.opensolaris.org category setup for > logging bugs. Great idea Darren. I submit a request for an FMAC category. > From sommerfeld at sun.com Mon May 12 17:53:05 2008 From: sommerfeld at sun.com (Bill Sommerfeld) Date: Mon, 12 May 2008 20:53:05 -0400 Subject: [fmac-discuss] labeled ipsec design review invitation. Message-ID: <1210639985.1014.48.camel@localhost> Folks on this list interested in labeled ipsec (and labeled networking in general) may be interested in reviewing the design document for the first phase of labeled IPsec. Please see http://www.opensolaris.org/os/project/txipsec/Design/ and send review comments to security-discuss at opensolaris.org Thank you. - Bill