Add the new Monthly Status Reports section and the June 2001 status
report.
This commit is contained in:
parent
50c582f957
commit
6cf525d30c
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=10138
4 changed files with 537 additions and 1 deletions
|
@ -1,4 +1,4 @@
|
|||
# $FreeBSD: www/en/news/Makefile,v 1.23 2000/11/07 04:05:18 kuriyama Exp $
|
||||
# $FreeBSD: www/en/news/Makefile,v 1.24 2001/04/13 00:53:57 eric Exp $
|
||||
|
||||
.if exists(../Makefile.conf)
|
||||
.include "../Makefile.conf"
|
||||
|
@ -30,5 +30,6 @@ SUBDIR+= 1997
|
|||
SUBDIR+= 1998
|
||||
SUBDIR+= 1999
|
||||
SUBDIR+= 2000
|
||||
SUBDIR+= status
|
||||
|
||||
.include "${WEB_PREFIX}/share/mk/web.site.mk"
|
||||
|
|
16
en/news/status/Makefile
Normal file
16
en/news/status/Makefile
Normal file
|
@ -0,0 +1,16 @@
|
|||
# $FreeBSD$
|
||||
|
||||
.if exists(../Makefile.conf)
|
||||
.include "../Makefile.conf"
|
||||
.endif
|
||||
.if exists(../Makefile.inc)
|
||||
.include "../Makefile.inc"
|
||||
.endif
|
||||
|
||||
DOCS= status.sgml
|
||||
DOCS+= report-june-2001.sgml
|
||||
|
||||
INDEXLINK= status.html
|
||||
|
||||
.include "${WEB_PREFIX}/share/mk/web.site.mk"
|
||||
|
497
en/news/status/report-june-2001.sgml
Normal file
497
en/news/status/report-june-2001.sgml
Normal file
|
@ -0,0 +1,497 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
|
||||
<!ENTITY base CDATA "../..">
|
||||
<!ENTITY date "$FreeBSD$">
|
||||
<!ENTITY title "FreeBSD Status Report, June 2001">
|
||||
<!ENTITY % includes SYSTEM "../../includes.sgml"> %includes;
|
||||
]>
|
||||
|
||||
<html>
|
||||
&header;
|
||||
|
||||
<h2>Introduction</h2>
|
||||
|
||||
<p>One of the benefits of the FreeBSD development model is a focus on
|
||||
centralized design and implementation, in which the operating system is
|
||||
maintained in a central repository, and discussed on centrally maintained
|
||||
lists. This allows for a high level of coordination between authors of
|
||||
various components of the system, and allows policies to be enforced over
|
||||
the entire system, covering issues ranging from architecture to style.
|
||||
However, as the FreeBSD developer community has grown, and the rate of
|
||||
both mailing list traffic and tree modifications has increased, making it
|
||||
difficult even for the most dedicated developer to remain on top of all
|
||||
the work going on in the tree.</p>
|
||||
|
||||
<p>The FreeBSD Monthly Development Status Report attempts to address this
|
||||
problem by providing a vehicle that allows developers to make the broader
|
||||
community aware of their on-going work on FreeBSD, both in and out of the
|
||||
central source repository. This is the first issue, and as such is an
|
||||
experiment. For each project and sub-project, a one paragraph summary is
|
||||
included, indicating progress since the last summary (in this case, simply
|
||||
recent progress, as there have been no prior summaries).</p>
|
||||
|
||||
<p>This status report may be reproduced in whole or in part, as long as the
|
||||
source is clearly identified and appropriate credit given. </p>
|
||||
|
||||
<h2>Future Editions</h2>
|
||||
|
||||
<p>Assuming there is some positive feedback on this idea, and that future
|
||||
submissions get made such that there is content for future issues, the
|
||||
goal is to release a development status report once a month. As such, the
|
||||
next deadline will be July 31, 2001, with a scheduled publication date in
|
||||
the first week of August. This will put the status report on a schedule
|
||||
in line with the calendar, as well as providing a little over a month
|
||||
until the next deadline, which will include a number of pertinent events,
|
||||
including the Annual USENIX Technical Conference in Boston, MA.
|
||||
Submissions should be e-mailed to:</p>
|
||||
|
||||
<blockquote><a href="mailto:robert+freebsd.monthly@cyrus.watson.org">
|
||||
robert+freebsd.monthly@cyrus.watson.org</a></blockquote>
|
||||
|
||||
<p>Many submitters will want to wait until the last week of July so as to
|
||||
provide the most up-to-date status report; however, submissions will be
|
||||
accepted at any time prior to that date.</p>
|
||||
|
||||
<p><i>-- Robert Watson <<a href="mailto:rwatson@FreeBSD.org">rwatson@FreeBSD.org</a>></i></p>
|
||||
|
||||
<h2>Projects</h2>
|
||||
|
||||
<p>The following projects submitted summaries for the June 2001 report:</p>
|
||||
|
||||
<ul>
|
||||
<li><a href="#binup">Binary Updater Project</a></li>
|
||||
<li><a href="#prdrive">"Close a PR drive"</a></li>
|
||||
<li><a href="#cvsroot">CVSROOT script rewrite/tidy</a></li>
|
||||
<li><a href="#devfs">DEVFS</a></li>
|
||||
<li><a href="#digi">digi driver</a></li>
|
||||
<li><a href="#diskcheckd">Diskcheckd</a></li>
|
||||
<li><a href="#if_fxp">if_fxp driver</a></li>
|
||||
<li><a href="#java">Java Project</a></li>
|
||||
<li><a href="#kgi">Kernel Graphics Interface port</a></li>
|
||||
<li><a href="#libh">libh</a></li>
|
||||
<li><a href="#mount">Mount(2) API</a></li>
|
||||
<li><a href="#oldcard">OLDCARD pccard implemenation</a></li>
|
||||
<li><a href="#ppc">PowerPC port</a></li>
|
||||
<li><a href="#pseudofs">pseudofs</a></li>
|
||||
<li><a href="#ppp">PPP</a></li>
|
||||
<li><a href="#relnotesng">RELNOTESng</a></li>
|
||||
<li><a href="#smpng">SMPng Project</a></li>
|
||||
<li><a href="#smpng-mbuf">SMPng mbuf allocator</a></li>
|
||||
<li><a href="#sparc64">Sparc64 Port</a></li>
|
||||
<li><a href="#trustedbsd-acls">TrustedBSD ACLs</a></li>
|
||||
<li><a href="#trustedbsd-cap">TrustedBSD Capabilities</a></li>
|
||||
<li><a href="#trustedbsd-mac">TrustedBSD MAC and Object Labeling</a></li>
|
||||
</ul>
|
||||
|
||||
<h2>Status Reports</h2>
|
||||
|
||||
<a name="binup"></a>
|
||||
<h3>Binary Updater Project</h3>
|
||||
|
||||
<p><i>Contacts: Eric Melville <<a href="mailto:eric@FreeBSD.org">eric@FreeBSD.org</a>>, Murray Stokely <<a href="mailto:murray@FreeBSD.org">murray@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://people.freebsd.org/~murray/updater.html">http://people.freebsd.org/~murray/updater.html</a></i></p>
|
||||
|
||||
<p>The FreeBSD Binary Updater Project aims to provide a secure mechanism
|
||||
for the distribution of binary updates for FreeBSD. This project is
|
||||
complementary to the Open Packages and libh efforts and there should
|
||||
be very little overlap with those projects. The system uses a client
|
||||
/ server mechanism that allows clients to install any known "profile"
|
||||
or release of FreeBSD over the network. Where a specific profile
|
||||
might contain a specific set of FreeBSD software to install,
|
||||
additional packages, and configuration actions that make it more
|
||||
ideal for a specific environment (ie FreeBSD 4.3 Secure Web Server
|
||||
Profile)</p>
|
||||
|
||||
<p>The system can currently be used to install a FreeBSD system or
|
||||
perform the most simple of upgrades but many features are absent. In
|
||||
particular, the client is in its infancy and much work remains to be
|
||||
done. We need additional developers so please get in touch with us
|
||||
at <a href="mailto:updater@osd.bsdi.com">updater@osd.bsdi.com</a>
|
||||
if you are interested in spending some cycles
|
||||
on this.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="prdrive"></a>
|
||||
<h3>"Close a PR drive"</h3>
|
||||
|
||||
<p><i>Contact: Poul-Henning Kamp <<a href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://phk.freebsd.dk/Gnats/">http://phk.freebsd.dk/Gnats/</a></i></p>
|
||||
|
||||
<p>Poul-Henning Kamp kicked off a drive to get our GNATS PR database
|
||||
cleaned up so the wheat can be sorted from the chaff. Progress is
|
||||
good, but there is still a lot of work to do. Give a hand if you
|
||||
can. Remember: every unhandled PR is a pissed off contributor or
|
||||
user.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="cvsroot"></a>
|
||||
<h3>CVSROOT script rewrite/tidy</h3>
|
||||
|
||||
<p><i>Contact: Josef Karthauser <<a href="mailto:joe@FreeBSD.org">joe@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>I'm in the process of rewriting the CVSROOT/scripts to make them more
|
||||
clean and configurable. A lot of other projects also use these and
|
||||
so it makes sense to make them as easy to use in other environments as
|
||||
possible.</p>
|
||||
|
||||
<p>Status: work in progress. There is now a configuration file, but not
|
||||
all the scripts use it yet.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="devfs"></a>
|
||||
<h3>DEVFS</h3>
|
||||
|
||||
<p><i>Contact: Poul-Henning Kamp <<a href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>Work is progressing on implementing true cloning devices in DEVFS.
|
||||
Brian Somers and Poul-Henning Kamp are working to make if_tun the
|
||||
first truly cloning driver in the system. Next will be the pty
|
||||
driver and the bpf driver. </p>
|
||||
|
||||
<p>From July 1st DEVFS will be standard in -current.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="digi"></a>
|
||||
<h3>digi driver</h3>
|
||||
|
||||
<p><i>Contact: Brian Somers <<a href="mailto:brian@FreeBSD.org">brian@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>Added the digi driver. Initial work was done by John Prince
|
||||
<johnp@knight-trosoft.com>, but all the modular stuff was done by me
|
||||
and initial work on supporting Xe and Xi cards (ala dgb) was done by
|
||||
me. I'm now awaiting an Xe card being sent from joerg@ (almost a
|
||||
donation) so that I can get that side of things working properly. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="diskcheckd"></a>
|
||||
<h3>Diskcheckd</h3>
|
||||
|
||||
<p><i>Contact: Poul-Henning Kamp <<a href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://phantom.cris.net/freebsd/projects/viewproj.php?p_id=15">http://phantom.cris.net/freebsd/projects/viewproj.php?p_id=15</a></i></p>
|
||||
|
||||
<p>Ben Smithurst has written a "diskcheckd" daemon which will read all
|
||||
sectors on the disks over a configured period. With recent increases
|
||||
in disksizes it is by no means a given that disk read errors will be
|
||||
discovered before they are fatal. This daemon will hopefully result
|
||||
in the drive firmware being able to relocate bad sectors before they
|
||||
become unreadable. This code is now committed to 5.0-CURRENT.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="if_fxp"></a>
|
||||
<h3>if_fxp driver</h3>
|
||||
|
||||
<p><i>Contact: Jonathan Lemon <<a href="mailto:jlemon@FreeBSD.org">jlemon@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>In the last month (May-June), the new fxp driver was brought
|
||||
into -stable. This new driver uses the common MII code, so
|
||||
support for new PHYs is easy to add. Support for the new Intel
|
||||
82562 chips was added. The driver was updated to add VLAN
|
||||
support and a workaround for a bug affecting Intel 815-based boards.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="java"></a>
|
||||
<h3>Java Project</h3>
|
||||
|
||||
<p><i>Contact: Greg Lewis <<a href="mailto:glewis@eyesbeyond.com">glewis@eyesbeyond.com</a>></i></p>
|
||||
|
||||
<p>The FreeBSD Java Project has continued its "behind the scenes" work
|
||||
over the last month. Progress was made both technically, with the
|
||||
help of Bill Huey (of Wind River), on a port of JDK 1.3.1 and
|
||||
legally, with Nate Williams continuing negotiations with Sun on a
|
||||
mutually acceptable license to release a binary Java 2 SDK under.
|
||||
The JDK 1.2.2 port has also seen some development, with a new
|
||||
patchset likely to be released soon which includes JPDA and NetBSD
|
||||
support (the latter courtesy of Scott Bartram). </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="kgi"></a>
|
||||
<h3>Kernel Graphics Interface port</h3>
|
||||
|
||||
<p><i>Contact: Nicolas Souchu <<a href="mailto:nsouch@fr.alcove.com">nsouch@fr.alcove.com</a>></i></p>
|
||||
<p><i>URL: <a href="http://kgi.sourceforge.net/">http://kgi.sourceforge.net/</a></i></p>
|
||||
|
||||
<p>The Kernel Graphics Interface project has worked for several years to
|
||||
provide a framework for graphic drivers under Linux receiving input
|
||||
from other groups like the UDI project. Currently the KGI core
|
||||
implementation is quite settled, as is the driver coding model as a
|
||||
whole. Work is being done to newbussify KGI and produce a kld, as
|
||||
part of a future redesign of the graphics subsystem in FreeBSD. KGI
|
||||
will be an alternative for graphic card producers that don't accept
|
||||
the XFree86 model of userland graphic adapters and will also provide
|
||||
accelerated support for any other graphic alternative. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="libh"></a>
|
||||
<h3>libh Project</h3>
|
||||
|
||||
<p><i>Contacts: Alexander Langer <<a href="mailto:alex@FreeBSD.org">alex@FreeBSD.org</a>>, Nathan Ahlstrom <<a href="mailto:nra@FreeBSD.org">nra@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://people.freebsd.org/~alex/libh/">http://people.freebsd.org/~alex/libh/</a></i></p>
|
||||
|
||||
<p>The libh project is a next generation sysinstall. It is written
|
||||
in C++ using QT for its graphical frontend and tvision for its console
|
||||
support. The menus are scriptable via an embedded tcl interpreter.
|
||||
It has been growing functionality quite a bit lately, including a new
|
||||
disklabel editor. Current work is on installation scripts for CDROM,
|
||||
FTP, ... installs as well as a fully functional standalone
|
||||
disk-partition and label editor. The GUI API was extended a little
|
||||
and many bugs were fixed. There seems to be some interest in i18n
|
||||
work. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="mount"></a>
|
||||
<h3>Mount(2) API</h3>
|
||||
|
||||
<p><i>Contact: Poul-Henning Kamp <<a href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>Maxime Henrion is working on implementing a new and more extensible
|
||||
mount(2) systemcall, mainly to overcome the 32 bits for mountoptions
|
||||
limit, secondary goal to make it possible to mount filesystems from
|
||||
inside the kernel. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="oldcard"></a>
|
||||
<h3>OLDCARD pccard implementation</h3>
|
||||
|
||||
<p><i>Contact: Warner Losh <<a href="mailto:imp@FreeBSD.org">imp@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>In the last two months, the OLDCARD pccard implemenation was
|
||||
rototilled to within an inch of its life. Many new pci cardbus
|
||||
bridges were added. Power handling was improved. PCI Card cardbus
|
||||
bridges are nearly supported and should be committed in early June to
|
||||
the tree. This will likely be the last major work done on OLDCARD.
|
||||
After pci cards are supported, work will shift to improving NEWCARD. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="ppc"></a>
|
||||
<h3>PowerPC Port</h3>
|
||||
|
||||
<p><i>Contact: Benno Rice <<a href="mailto:benno@FreeBSD.org">benno@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>The PowerPC port is proceeding well. All seems to be working in
|
||||
pmap.c after a number of problems encountered where FreeBSD passes a
|
||||
vm_page_t to a NetBSD-derived function that expects a vm_offset_t.
|
||||
Then after debugging the atomic operations code, I'm now at the point
|
||||
where VM appears to be initialised and it's now hanging while in
|
||||
sys/kern/kern_malloc.c:kmeminit(). Progress continues. =)</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="ppp"></a>
|
||||
<h3>PPP</h3>
|
||||
|
||||
<p><i>Contact: Brian Somers <<a href="mailto:brian@FreeBSD.org">brian@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>Developing full MPPE support for Andre Opperman @ Monzoon in
|
||||
Switzerland. Work is now complete and will eventually be brought
|
||||
into -current, but no dates are yet known. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="pseudofs"></a>
|
||||
<h3>pseudofs</h3>
|
||||
|
||||
<p><i>Contact: Dag-Erling Smorgrav <<a href="mailto:des@FreeBSD.org">des@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>Pseudofs is a framework for pseudo-filesystems, like procfs and
|
||||
linprocfs. The goal of pseudofs is twofold:</p>
|
||||
|
||||
<ul>
|
||||
<li>eliminate code duplication between (and within) procfs and
|
||||
linprocfs</li>
|
||||
|
||||
<li>isolate procfs and linprocfs from the complexities of the vfs
|
||||
system to simplify maintenance and further development.</li>
|
||||
</ul>
|
||||
|
||||
<p>Pseudofs has reached the point where it is sufficiently
|
||||
functional and stable that linprocfs has been almost fully
|
||||
reimplemented on top of it; the only bit that's missing is the
|
||||
proc/<pid>/mem file.</p>
|
||||
|
||||
<p>The primary to-do item for pseudofs right now is to add support
|
||||
for writeable files (which are required for procfs, and are quite
|
||||
a bit less trivial to handle than read-only files). In addition,
|
||||
pseudofs needs either generic support for raw (non-sbuf'ed,
|
||||
possibly mmap'able) files, or failing that, special-case code to
|
||||
handle proc/<pid>/mem.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="relnotesng"></a>
|
||||
<h3>RELNOTESng</h3>
|
||||
|
||||
<p><i>Contact: Bruce A. May <<a href="mailto:bmah@FreeBSD.org">bmah@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://people.freebsd.org/~bmah/relnotes/">http://people.freebsd.org/~bmah/relnotes/</a></i></p>
|
||||
|
||||
<p>RELNOTESng is the name I've given to the rewrite of the *.TXT files
|
||||
that typically accompany a FreeBSD release. The information from
|
||||
these files (which include, among other things, the release notes and
|
||||
the supported hardware list) have been reorganized and converted to
|
||||
SGML. This helps us produce the documentation in various formats, as
|
||||
well as facilitating the maintainence of documentation for multiple
|
||||
architectures. This work was recently committed to -CURRENT, and I
|
||||
intend to MFC it to 4-STABLE before 4.4-RELEASE. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="smpng"></a>
|
||||
<h3>SMPng Project</h3>
|
||||
|
||||
<p><i>Contacts: John Baldwin <<a href="mailto:jhb@FreeBSD.org">jhb@FreeBSD.org</a>>, Jake Burkholder <<a href="mailto:jake@FreeBSD.org">jake@FreeBSD.org</a>>, SMP Mailing list <<a href="mailto:smp@FreeBSD.org">smp@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://www.freebsd.org/~jasone/smp/">http://www.freebsd.org/~jasone/smp/</a></i></p>
|
||||
|
||||
<p>The SMPng project aims to provide multithreaded support for the
|
||||
FreeBSD kernel. Currently the kernel still runs almost exclusively
|
||||
under the Giant kernel lock. Recently, progress has been made in
|
||||
locking the process group and session structures as well as file
|
||||
descriptors by Seigo Tanimura-san. Alfred Perlstein has also added
|
||||
in a giant lock around the entire virtual memory (VM) subsystem which
|
||||
will eventually be split up into several smaller locks. The locking
|
||||
of the VM subsystem has proved tricky, and some of the current effort
|
||||
is focused on finding and fixing a few remaining bugs in on the alpha
|
||||
architecture.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="smpng-mbuf"></a>
|
||||
<h3>SMPng mbuf allocator</h3>
|
||||
|
||||
<p><i>Contact: Bosko Milekic <<a href="mailto:bmilekic@FreeBSD.org">bmilekic@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://people.freebsd.org/~bmilekic/code/mb_slab/">http://people.freebsd.org/~bmilekic/code/mb_slab/</a></i></p>
|
||||
|
||||
<p>mb_alloc is a new specialized allocator for mbufs and mbuf clusters.
|
||||
Presently, it offers various important advantages over the old
|
||||
(status quo) mbuf allocator, particularily for MP machines.
|
||||
Additionally, it is designed with the possibility of future
|
||||
enchancements in mind. </p>
|
||||
|
||||
<p>Presently in initial review & testing stages, most of the code is
|
||||
already written. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="sparc64"></a>
|
||||
<h3>Sparc64 Port</h3>
|
||||
|
||||
<p><i>Contact: Jake Burkholder <<a href="mailto:jake@FreeBSD.org">jake@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>Work has (re)started on a port of FreeBSD to the UltraSPARC
|
||||
architecture, specifically targeting PCI based workstations. Jake
|
||||
Burkholder will be porting the kernel, and Ade Lovett has expressed
|
||||
an interest in working on userland. Recent work on the project
|
||||
includes: </p>
|
||||
|
||||
<ul>
|
||||
<li>built a gnu cross toolchain targeting sparc64</li>
|
||||
<li>obtained remote access to an ultra 5 development machine (thanks to emmy)</li>
|
||||
<li>developed a minimal set of headers and source files to allow
|
||||
the kernel to be compiled and linked</li>
|
||||
<li>implemented a mini-loader which relocates the kernel, maps it
|
||||
into the tlbs and calls it</li>
|
||||
<li>nabbed Benno Rice's openfirmware console driver which allows
|
||||
printf and panic to work</li>
|
||||
</ul>
|
||||
|
||||
<p>At this point the kernel can be net-booted and prints the FreeBSD
|
||||
copyright before calling code that is not yet implemented. I am
|
||||
currently working on a design for the pmap module and plan to begin
|
||||
implementation in the next few days.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="trustedbsd"></a>
|
||||
<h3>TrustedBSD</h3>
|
||||
|
||||
<p><i>Contact: Robert Watson <<a href="mailto:rwatson@FreeBSD.org">rwatson@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://www.TrustedBSD.org/">http://www.TrustedBSD.org/</a></i></p>
|
||||
|
||||
<p>The TrustedBSD Project seeks to improve the security of the FreeBSD
|
||||
operating system by adding new security features, many derived from
|
||||
common trusted operating system requirements. This includes Access
|
||||
Control Lists (ACLs), Fine-grained Event Logging (Audit), Fine-grained
|
||||
Privileges (Capabilities), Mandatory Access Control (MAC), and other
|
||||
architecture features, including file system extended attributes,
|
||||
and improved object labeling.</p>
|
||||
|
||||
<p>Individual feature status reports are documented seperately below;
|
||||
in general, basic features (such as EAs, ACLs, and kernel support
|
||||
for Capabilities) will be initially available in 5.0-RELEASE,
|
||||
conditional on specific kernel options. A performance-enhanced
|
||||
version of EAs is currently being targetted at 6.0-RELEASE, along
|
||||
with an integrated capability-aware userland, and MAC support.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="trustedbsd-acls"></a>
|
||||
<h3>TrustedBSD: ACLs</h3>
|
||||
|
||||
<p><i>Contact: Chris D. Faulhaber <<a href="mailto:jedgar@FreeBSD.org">jedgar@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>Patches are now available to add ACL support to cp(1) and mv(1) along
|
||||
with preliminary support for install(1). Ilmar's i18n patches for
|
||||
getfacl(1) and setfacl(1) need to be updated for the last set of
|
||||
changes and committed. Some other functional improvements are also
|
||||
in the pipeline.</p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="trustedbsd-cap"></a>
|
||||
<h3>TrustedBSD Capabilities</h3>
|
||||
|
||||
<p><i>Contact: Thomas Moestl <<a href="mailto:tmm@FreeBSD.org">tmm@FreeBSD.org</a>></i></p>
|
||||
|
||||
<p>The kernel part of the capability implementation is mostly finished;
|
||||
all uses of suser() and suser_xxx() and nearly all comparisons of
|
||||
uid's with 0 have been converted to use the newly introduced
|
||||
cap_check() call. Some details still need clarification. More
|
||||
documentation for this needs to be done. </p>
|
||||
|
||||
<p>POSIX.2c-compatible getfcap and setfcap programs have been written.
|
||||
Experimental capability support in su(1), login(1), install(1) and
|
||||
bsd.prog.mk is being tested.</p>
|
||||
|
||||
<p>Support for capabilities, ACL's, capabilities and MAC labels in
|
||||
tar(1) is being developed; only the capability part is tested right
|
||||
now. Generic support for extended attributes is planned, this will
|
||||
require extensions to the current EA interface, which are written and
|
||||
will probably be committed to -CURRENT in a few weeks. A port of
|
||||
these features to pax(1) is planned. </p>
|
||||
|
||||
<hr>
|
||||
|
||||
<a name="trustedbsd-mac"></a>
|
||||
<h3>TrustedBSD MAC and Object Labeling</h3>
|
||||
|
||||
<p><i>Contact: Robert Watson <<a href="mailto:rwatson@FreeBSD.org">rwatson@FreeBSD.org</a>></i></p>
|
||||
<p><i>URL: <a href="http://www.TrustedBSD.org/">http://www.TrustedBSD.org/</a></i></p>
|
||||
|
||||
<p>An initial prototype of a Mandatory Access Control implementation
|
||||
was completed earlier this year, supporting Multi-Level Security,
|
||||
Biba Integrity protection, and a more general jail-based access
|
||||
control model. Based on that implementation, I'm now in the process
|
||||
of improving the FreeBSD security abstractions to simplify both the
|
||||
implementation and integration of MAC support, as well as increase the
|
||||
number of kernel objects protected by both discretionary and mandatory
|
||||
protection schemes. Generic object labeling introduces a structure
|
||||
not dissimilar in properties to the kernel ucred structure, only it is
|
||||
intended to be associated with kernel objects, rather than kernel
|
||||
subjects, permitting the creation of generic security protection
|
||||
routines for objects. This would allow the easy extension of procfs
|
||||
and devfs to support ACLs and MAC, for example. A prototype is
|
||||
underway, with compiling and running code and simple protections
|
||||
now associated with sysctl's.</p>
|
||||
|
||||
&footer;
|
||||
</body>
|
||||
</html>
|
22
en/news/status/status.sgml
Normal file
22
en/news/status/status.sgml
Normal file
|
@ -0,0 +1,22 @@
|
|||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
|
||||
<!ENTITY base CDATA "../..">
|
||||
<!ENTITY date "$FreeBSD$">
|
||||
<!ENTITY title "FreeBSD Status Reports">
|
||||
<!ENTITY % includes SYSTEM "../../includes.sgml"> %includes;
|
||||
]>
|
||||
|
||||
<html>
|
||||
&header;
|
||||
|
||||
<p>Each month, the FreeBSD project releases a status report to keep users
|
||||
and developers up to date on the projects in active development.</p>
|
||||
|
||||
<h2>2001</h2>
|
||||
|
||||
<ul>
|
||||
<li><a href="report-june-2001.html">June, 2001</a></li>
|
||||
</ul>
|
||||
|
||||
&footer;
|
||||
</body>
|
||||
</html>
|
Loading…
Add table
Add a link
Reference in a new issue