from being MI in any fashion. It currently "assumes" that it can get
a kernel virtual address for a phyiscal address by adding KERNBASE to the
physical address. It also tries to read values out of a the PC BIOS on
all archs. It also uses "manual" inb() and outb()'s to talk to the mcclock
device which just happens to be at that location on both i386 and alpha.
This driver should likely be i386-only.
not look like the prerequisites to fill it in properly will be in the tree
for the upcoming release, but it's mostly done, so there is no need for these
to stay around to remind us.
to run patches to make(1) by. Hopefully this will make it easier to get bugs
fixed in make(1), as well as get review by people with experience working on,
in, around, etc., make(1).
Currently it points to two people who have demonstrated maintainership (ru@
and myself) and one person interested in helping (alane@). That list is
subject to expansion and contraction.
if it's not defined as efi. This makes sure we create a proper
MFS root filesystem and still allow the boot disk to be EFI
based.
At this time EFI auto boot works and we're properly loading the
MFS root file system. Time to create drivers.conf and get this
show on the road!
manipulated directly (rather than using sballoc()/sbfree()); update them
to tweak the new sb_ctl field too.
Sponsored by: NTT Multimedia Communications Labs
o ia64: Set DOFS_SH to point to an alternate version.
o ia64: Lower BIGBOOTSIZE from 120M (LS-120) to ~5M.
o ia64: Set BIGBOOTLABEL to efi so that we can check for it
in the alternate doFS.sh script. If the label is not efi, we
can invoke the generic doFS.sh.
(1) Permit userland applications to request a change of label atomic
with an execve() via mac_execve(). This is required for the
SEBSD port of SELinux/FLASK. Attempts to invoke this without
MAC compiled in result in ENOSYS, as with all other MAC system
calls. Complexity, if desired, is present in policy modules,
rather than the framework.
(2) Permit policies to have access to both the label of the vnode
being executed as well as the interpreter if it's a shell
script or related UNIX nonsense. Because we can't hold both
vnode locks at the same time, cache the interpreter label.
SEBSD relies on this because it supports secure transitioning
via shell script executables. Other policies might want to
take both labels into account during an integrity or
confidentiality decision at execve()-time.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
