POSIX.1E defines a set of security extensions for POSIX-compliant systems. This is a first pass at MAC support for FreeBSD, implemented to the POSIX.1E spec. This code is still EXPERIMENTAL and is not complete by any means.
Finally I finished my first step of MAC implementation. Now I have text label representation, like SGI does (but without the Biba integrity part). I don't know if I will publish the source here or at the TrustedBSD site.
Here you can grab my new mac and cap code. It is not even alpha; I publish it only for acquaintance. Now I'm using the fixed labels approach with 16 levels and 64 non-hierarchical categories. Not only POSIX capabilities will be implemented; I want to make some enhancements like Linux did. So the infrastructure is almost done, but only for the process. No object labeling support right now. I'm waiting for Robert Watson to finish his ACLs search. Now, how to use this code. Install mac-0.1. Simply replace the kern_mac.c and mac.h files. kern_cap.c and cap*.h are new files. Others are from 3.1-release. I don't know how to update these files in other releases and I don't want to make patches right now, because I haven't finished my work yet. If you are interested, look through the code; any comments are welcome.
I began to implement new MAC and CAP interfaces. There will be support for 16 MAC levels and 64 MAC categories. CAP will be derived from and based on code by Andrew Morgan. Unfortunately there will be only process-based support for MAC and CAP because we are out of storage space in the inode. Robert Watson is working on this problem while implementing ACLs. When we find reasonable I will add support for files.
This is the first version of the MAC implementation for FreeBSD (3.x). It is not complete and is not even alpha-quality software. For example, while the userland library is essentially complete, and documentation is largely there, syscalls have no auditing support at this point, and the current MAC implementation is wrong. It supports 256 levels of data confidentiality and no non-hierarchical categories. I will reimplement it as soon as possible. There are some technical problems with MAC label storage.
Email Ilmar S. Habibulin for more information or to suggest changes to this page.
Last modified: 11.11.1999