RE: FreeBSD trusted execution system: beta testers wanted

From: Christian S.J. Peron (csjp_at_FreeBSD.org)
Date: 03/20/05

    Date: Sat, 19 Mar 2005 23:27:03 +0000
    To: freebsd-hackers@FreeBSD.org
    
    

    All

    Thanks for all the input. I have updated the code as per some of the comments
    which came in around testing. The following changes were made:

    -modify setfhash/getfhash to use the filename of the pathname portion.
     This will unbreak set/getfhash if it was invoked using ./ or the complete
     pathname.

    -the kernel implementation of setfhash was a bad idea. It used to use
     the utimes syscall. This especially caused problems with various port
     or source builds on NFS file systems exiting with EIO or various other
     errors. I replaced the kernel implementation with a sysctl, and modified
     the setfhash utility to use this instead.

    -add additional printf's to tell people where/why things went wrong. It
     should be noted that these printfs are only executed if the module is
     compiled with DEBUG set. (See the Makefile).

    -change Makefiles and file locations to be more consistent with the
     system build practices.

    NOTE: IF YOU HAVE ALREADY PATCHED YOUR KERNEL SKIP THE KERNEL PATCH/REBUILD

    cd /usr/src/sys
    fetch http://www.freebsd.org/~csjp/mac/mac_vnode_mmap.1106783302.diff
    patch < mac_vnode_mmap.1106783302.diff

    # REBUILD YOUR KERNEL

    cd /usr/src/sys/modules
    mkdir /usr/src/sys/modules/mac_chkexec
    cd /usr/src/sys/modules/mac_chkexec
    fetch http://www.freebsd.org/~csjp/mac/Makefile

    cd /usr/src/usr.sbin
    fetch http://www.freebsd.org/~csjp/mac/getfhash.1111165779.shar
    sh getfhash.1111165779.shar
    cd getfhash
    make
    make install
    make clean

    cd /usr/src/sys/security
    fetch http://www.freebsd.org/~csjp/mac/mac_chkexec.1111165827.shar
    sh mac_chkexec.1111165827.shar
    cd /usr/src/sys/modules/mac_chkexec
    make
    make install
    make clean

    -- 
    Christian S.J. Peron
    csjp@FreeBSD.ORG
    FreeBSD Committer
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
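
The first change listed in the message, as an added example (this is not code from getfhash/setfhash). It assumes the utility is a single binary that picks get or set mode from argv[0], which the message implies but does not state. The function names and sample invocations are constructed.

```c
#include <stdio.h>
#include <string.h>

enum fhash_mode { MODE_UNKNOWN, MODE_GET, MODE_SET };

/* Map a bare program name to a mode (names taken from the message). */
static enum fhash_mode mode_from_name(const char *name)
{
    if (strcmp(name, "getfhash") == 0)
        return MODE_GET;
    if (strcmp(name, "setfhash") == 0)
        return MODE_SET;
    return MODE_UNKNOWN;
}

/* Before: argv[0] compared as-is, so only a bare name found via PATH matches. */
enum fhash_mode mode_naive(const char *argv0)
{
    return mode_from_name(argv0);
}

/* After: compare only the final path component. argv[0] is chosen by the
 * caller of execve(), so it selects behaviour only, never privilege. */
enum fhash_mode mode_by_filename(const char *argv0)
{
    const char *slash;

    if (argv0 == NULL || *argv0 == '\0')
        return MODE_UNKNOWN;    /* execve() may pass an empty argv */
    slash = strrchr(argv0, '/');
    return mode_from_name(slash != NULL ? slash + 1 : argv0);
}

int main(void)
{
    /* Constructed invocations: bare name, ./ form, full path, malformed. */
    const char *samples[] = { "setfhash", "./setfhash",
        "/usr/sbin/getfhash", "/tmp/setfhash/", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s naive=%d filename=%d\n", samples[i],
            mode_naive(samples[i]), mode_by_filename(samples[i]));
    return 0;
}
```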
    
