TrustedBSD...

Robert Garrett rg70 at sbcglobal.net
Wed Dec 10 06:30:03 PST 2003


Hiten Pandya wrote:

> Brooks Davis wrote:
> 
>> On Tue, Dec 09, 2003 at 02:25:28PM +0100, Max Laier wrote:
>> 
>>>Additionally it seems possible to implement a good portion of the
>>>TrustedBSD stuff along with the symlink-/filesystem work!? Maybe it's
>>>good to put it in there to get a more "native" solution for DF rather
>>>then modifying ufs with yet another (suboptimal) patchset.
>>>
>>>Or did I get the idea of the new stuff wrong?
>> 
>> 
>> Modification of the on disk format of UFS was pretty much require for
>> fast labeling of ondisk content (lableing of UFS1 file systems, is
>> possiable, but VERY expensive because the labels are stored in a file
>> like quotas), but that's only a small part of the work involved in
>> making a trusted OS.  UFS2 made many more changes then were required for
>> TrustedBSD because a need to break binary compatability was seen as a
>> good time to fix all the 32-bit crap in the ondisk format so we could
>> have >>1TB file systems.
>> 
> 
> Not only that... we will need someone to constantly update the
> TrustedBSD framework port, which is a very time consuming task.
> 
> I think we should let this project be left to the TrustedBSD
> team.  Just like they are now writing Trusted extensions for
> Darwin, such a project will exist for DragonFly one day...
> 
> Regards,
> 
> -- Hiten (hmp at xxxxxxxxxxxxx)
trusted extensions for dfly, shouldn't be extremely hard to 
implement, we all ready break things down into messages,
inserting code to see if we have permission to execute the
message at the bottom layer.. i.e for disks the device message
well hell i guess that would be true for everything. 
 so I disagree that we need to port the trustedbsd code.
I believe it would be much easier and cleaner to do it ourselves.

Robert Garrett





More information about the Kernel mailing list