NetBSD/sys/secmodel/bsd44/files.bsd44

# $NetBSD: files.bsd44,v 1.3 2009/10/02 18:50:13 elad Exp $

defflag secmodel_bsd44_logic
defflag secmodel_bsd44 : secmodel_bsd44_logic, secmodel_suser, secmodel_securelevel

file	secmodel/bsd44/secmodel_bsd44.c			secmodel_bsd44
First part of secmodel cleanup and other misc. changes: - Separate the suser part of the bsd44 secmodel into its own secmodel and directory, pending even more cleanups. For revision history purposes, the original location of the files was src/sys/secmodel/bsd44/secmodel_bsd44_suser.c src/sys/secmodel/bsd44/suser.h - Add a man-page for secmodel_suser(9) and update the one for secmodel_bsd44(9). - Add a "secmodel" module class and use it. Userland program and documentation updated. - Manage secmodel count (nsecmodels) through the module framework. This eliminates the need for secmodel_{,de}register() calls in secmodel code. - Prepare for secmodel modularization by adding relevant module bits. The secmodels don't allow auto unload. The bsd44 secmodel depends on the suser and securelevel secmodels. The overlay secmodel depends on the bsd44 secmodel. As the module class is only cosmetic, and to prevent ambiguity, the bsd44 and overlay secmodels are prefixed with "secmodel_". - Adapt the overlay secmodel to recent changes (mainly vnode scope). - Stop using link-sets for the sysctl node(s) creation. - Keep sysctl variables under nodes of their relevant secmodels. In other words, don't create duplicates for the suser/securelevel secmodels under the bsd44 secmodel, as the latter is merely used for "grouping". - For the suser and securelevel secmodels, "advertise presence" in relevant sysctl nodes (sysctl.security.models.{suser,securelevel}). - Get rid of the LKM preprocessor stuff. - As secmodels are now modules, there's no need for an explicit call to secmodel_start(); it's handled by the module framework. That said, the module framework was adjusted to properly load secmodels early during system startup. - Adapt rump to changes: Instead of using empty stubs for securelevel, simply use the suser secmodel. Also replace secmodel_start() with a call to secmodel_suser_start(). - 5.99.20. Testing was done on i386 ("release" build). Spearated module_init() changes were tested on sparc and sparc64 as well by martin@ (thanks!). Mailing list reference: http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html 2009-10-02 22:50:12 +04:00			`# $NetBSD: files.bsd44,v 1.3 2009/10/02 18:50:13 elad Exp $`
First take at security model abstraction. - Add a few scopes to the kernel: system, network, and machdep. - Add a few more actions/sub-actions (requests), and start using them as opposed to the KAUTH_GENERIC_ISSUSER place-holders. - Introduce a basic set of listeners that implement our "traditional" security model, called "bsd44". This is the default (and only) model we have at the moment. - Update all relevant documentation. - Add some code and docs to help folks who want to actually use this stuff: * There's a sample overlay model, sitting on-top of "bsd44", for fast experimenting with tweaking just a subset of an existing model. This is pretty cool because it's really straightforward to do stuff you had to use ugly hacks for until now... * And of course, documentation describing how to do the above for quick reference, including code samples. All of these changes were tested for regressions using a Python-based testsuite that will be (I hope) available soon via pkgsrc. Information about the tests, and how to write new ones, can be found on: http://kauth.linbsd.org/kauthwiki NOTE FOR DEVELOPERS: PLEASE don't add any code that does any of the following: - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request, - Checks 'securelevel' directly, - Checks a uid/gid directly. (or if you feel you have to, contact me first) This is still work in progress; It's far from being done, but now it'll be a lot easier. Relevant mailing list threads: http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help stablizing kauth(9). Full credit for the regression tests, making sure these changes didn't break anything, goes to Matt Fleming and Jaime Fournier. Happy birthday Randi! :) 2006-09-09 00:58:56 +04:00
			`defflag secmodel_bsd44_logic`
First part of secmodel cleanup and other misc. changes: - Separate the suser part of the bsd44 secmodel into its own secmodel and directory, pending even more cleanups. For revision history purposes, the original location of the files was src/sys/secmodel/bsd44/secmodel_bsd44_suser.c src/sys/secmodel/bsd44/suser.h - Add a man-page for secmodel_suser(9) and update the one for secmodel_bsd44(9). - Add a "secmodel" module class and use it. Userland program and documentation updated. - Manage secmodel count (nsecmodels) through the module framework. This eliminates the need for secmodel_{,de}register() calls in secmodel code. - Prepare for secmodel modularization by adding relevant module bits. The secmodels don't allow auto unload. The bsd44 secmodel depends on the suser and securelevel secmodels. The overlay secmodel depends on the bsd44 secmodel. As the module class is only cosmetic, and to prevent ambiguity, the bsd44 and overlay secmodels are prefixed with "secmodel_". - Adapt the overlay secmodel to recent changes (mainly vnode scope). - Stop using link-sets for the sysctl node(s) creation. - Keep sysctl variables under nodes of their relevant secmodels. In other words, don't create duplicates for the suser/securelevel secmodels under the bsd44 secmodel, as the latter is merely used for "grouping". - For the suser and securelevel secmodels, "advertise presence" in relevant sysctl nodes (sysctl.security.models.{suser,securelevel}). - Get rid of the LKM preprocessor stuff. - As secmodels are now modules, there's no need for an explicit call to secmodel_start(); it's handled by the module framework. That said, the module framework was adjusted to properly load secmodels early during system startup. - Adapt rump to changes: Instead of using empty stubs for securelevel, simply use the suser secmodel. Also replace secmodel_start() with a call to secmodel_suser_start(). - 5.99.20. Testing was done on i386 ("release" build). Spearated module_init() changes were tested on sparc and sparc64 as well by martin@ (thanks!). Mailing list reference: http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html 2009-10-02 22:50:12 +04:00			`defflag secmodel_bsd44 : secmodel_bsd44_logic, secmodel_suser, secmodel_securelevel`
First take at security model abstraction. - Add a few scopes to the kernel: system, network, and machdep. - Add a few more actions/sub-actions (requests), and start using them as opposed to the KAUTH_GENERIC_ISSUSER place-holders. - Introduce a basic set of listeners that implement our "traditional" security model, called "bsd44". This is the default (and only) model we have at the moment. - Update all relevant documentation. - Add some code and docs to help folks who want to actually use this stuff: * There's a sample overlay model, sitting on-top of "bsd44", for fast experimenting with tweaking just a subset of an existing model. This is pretty cool because it's really straightforward to do stuff you had to use ugly hacks for until now... * And of course, documentation describing how to do the above for quick reference, including code samples. All of these changes were tested for regressions using a Python-based testsuite that will be (I hope) available soon via pkgsrc. Information about the tests, and how to write new ones, can be found on: http://kauth.linbsd.org/kauthwiki NOTE FOR DEVELOPERS: PLEASE don't add any code that does any of the following: - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request, - Checks 'securelevel' directly, - Checks a uid/gid directly. (or if you feel you have to, contact me first) This is still work in progress; It's far from being done, but now it'll be a lot easier. Relevant mailing list threads: http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help stablizing kauth(9). Full credit for the regression tests, making sure these changes didn't break anything, goes to Matt Fleming and Jaime Fournier. Happy birthday Randi! :) 2006-09-09 00:58:56 +04:00
			`file secmodel/bsd44/secmodel_bsd44.c secmodel_bsd44`