[fmac-discuss] First FMAC source available

John Weeks john.weeks at sun.com
Fri May 2 23:46:21 PDT 2008


The first FMAC source installment is now available and can be
downloaded from the fmac-gate:

  hg clone ssh://anon@hg.opensolaris.org/hg/fmac/fmac-gate

FMAC Alpha 1 Release Notes

  These release notes document the Alpha 1 code drop of the
  Flask/Type Enforcement (TE) code that is based on toolchain/policy
  Version 15. This code enables the initial policy load operation,
  but does not yet enable any labeling or access controls for processes
  or objects. That functionality will be added to future releases.

Feature List

  The following describes features of this Alpha 1 code drop:

  * The policy file is automatically loaded by the kernel during
    boot from /etc/security/fmac/ss_policy.

  * checkpolicy is fully functional and builds with yacc, lex, and m4.

  * This Alpha 1 release is based on onnv_87. Use the corresponding
    onbld and closed bins that are available from opensolaris.org at
    http://dlc.sun.com/osol/on/downloads/b87/.

Accessing the FMAC Source Files

  You can download the Alpha 1 FMAC source code from the fmac-gate:

   hg clone ssh://anon@hg.opensolaris.org/hg/fmac/fmac-gate

  The fmac-gate includes onnv_87 & FMAC Alpha 1.

The following list describes the FMAC-specific source locations:

  usr/src/common/fmac         - Policy Flask definitions and
                                security server code shared by
                                user space and the kernel

  usr/src/cmd/fmac            - Policy configuration and user
                                space tools

  usr/src/uts/common/sys/fmac - Flask headers and generated definitions

  usr/src/uts/common/fmac     - Flask kernel-only code

Known Limitations

  * The source for the policy is in usr/src/cmd/fmac/policy.
    It has not yet been modified for use with OpenSolaris.

  * FMAC system calls have not yet been integrated.

  * setfiles is functional, but the code to get and set file
    contexts is stubbed out until the library and system calls
    are implemented.

  * This code has only been built and verified on x64 using a
    debug build (stock opensolaris.sh). A build and verification
    on SPARC is coming in a future code drop.

Reporting Bugs

  For each problem you encounter, send the following information
  to help the team determine the root cause of the problem:

  1. Describe the problem and describe what you were doing when
     you encountered the problem.

     NOTE: Give as much information as you can to enable the team
     to reproduce the problem.

  2. Describe your configuration.

     For example, system type, CPU type.

  3. Describe the bits you have installed.

     For example, run the following commands on the system:
      % cat /etc/motd
      % cat /etc/release

  4. If the problem is a panic, include the stack trace and
     access to the core file.

  5. Send the information in an email message to the
     fmac-discuss at opensolaris list.

     NOTE: You must be a member of the list before you can post
     messages to it.

Regards,

John & Stephen

