TrustedBSD...
    Robert Garrett 
    rg70 at sbcglobal.net
       
    Wed Dec 10 06:30:03 PST 2003
    
    
  
Hiten Pandya wrote:
> Brooks Davis wrote:
> 
>> On Tue, Dec 09, 2003 at 02:25:28PM +0100, Max Laier wrote:
>> 
>>>Additionally it seems possible to implement a good portion of the
>>>TrustedBSD stuff along with the symlink-/filesystem work!? Maybe it's
>>>good to put it in there to get a more "native" solution for DF rather
>>>then modifying ufs with yet another (suboptimal) patchset.
>>>
>>>Or did I get the idea of the new stuff wrong?
>> 
>> 
>> Modification of the on disk format of UFS was pretty much require for
>> fast labeling of ondisk content (lableing of UFS1 file systems, is
>> possiable, but VERY expensive because the labels are stored in a file
>> like quotas), but that's only a small part of the work involved in
>> making a trusted OS.  UFS2 made many more changes then were required for
>> TrustedBSD because a need to break binary compatability was seen as a
>> good time to fix all the 32-bit crap in the ondisk format so we could
>> have >>1TB file systems.
>> 
> 
> Not only that... we will need someone to constantly update the
> TrustedBSD framework port, which is a very time consuming task.
> 
> I think we should let this project be left to the TrustedBSD
> team.  Just like they are now writing Trusted extensions for
> Darwin, such a project will exist for DragonFly one day...
> 
> Regards,
> 
> -- Hiten (hmp at xxxxxxxxxxxxx)
trusted extensions for dfly, shouldn't be extremely hard to 
implement, we all ready break things down into messages,
inserting code to see if we have permission to execute the
message at the bottom layer.. i.e for disks the device message
well hell i guess that would be true for everything. 
 so I disagree that we need to port the trustedbsd code.
I believe it would be much easier and cleaner to do it ourselves.
Robert Garrett
    
    
More information about the Kernel
mailing list