These release notes document the Alpha 1 code drop of the Flask/Type Enforcement (TE) code that is based on toolchain/policy Version 15. This code enables the initial policy load operation, but does not yet enable any labeling or access controls for processes or objects. That functionality will be added to future releases.
The following describes features of this Alpha 1 code drop:
The policy file is automatically loaded by the kernel during boot from /etc/security/fmac/ss_policy.
checkpolicy is fully functional and builds with yacc, lex, and m4.
This Alpha 1 release is based on onnv_87. Use the corresponding onbld and closed bins that are available from opensolaris.org at http://dlc.sun.com/osol/on/downloads/b87/.
You can download the Alpha 1 FMAC source code from the fmac-gate:
# hg clone ssh://anon@hg.opensolaris.org/hg/fmac/fmac-gate
The following list describes the FMAC source locations:
Policy Flask definitions and security server code shared by user space and the kernel
Policy configuration and user space tools
Flask headers and generated definitions
Flask kernel-only code
The source for the policy is in usr/src/cmd/fmac/policy. It has not yet been modified for use with OpenSolaris.
FMAC system calls have not yet been integrated.
setfiles is functional, but the code to get and set file contexts is stubbed out until the library and system calls are implemented.
This code has only been built and verified on x64 using a debug build (stock opensolaris.sh). A build and verification on SPARC is coming in a future code drop.
For each problem you encounter, send the following information to help the team determine the root cause of the problem:
Describe the problem and what you were doing when you encountered it.
NOTE: Give as much information as you can to enable the team to reproduce the problem.
Describe your configuration.
For example, x data servers running on x machines.
Describe the bits you have installed.
For example, run the following commands on all machines:
% cat /etc/motd
If the problem is a panic, include the stack trace and access to the core file.
Send the information in an email message to the fmac dash discuss at opensolaris dot org list.
NOTE: You must be a member of the list before you can post messages to it.