# $Id: README,v 1.3 2001/09/12 22:10:13 bfeldman Exp $

Intro
-----

This is the highly-experimental FreeBSD port of LOMAC, incorporating both
system call overriding and a virtual file system interface which allows
for near-complete control over all file-related operations.  Despite
being highly experimental, the very first priority to making something
which "works" is to make something that is stable.  To that effect, LOMAC
on FreeBSD so far has about 50% or more total functionality and is,
in my experience, very stable.

Despite my high expectations, this code doesn't have very widespread
testing, and may have unforeseen issues that I do not know about.  Some
filesystems, for example, may not work as efficiently.  If you have
questions or comments, don't hesitate to join the lomac-users mailing
list!

Installation
------------

LOMAC/FreeBSD is currently only targeted at FreeBSD 5.0-CURRENT.

For FreeBSD -CURRENT, compilation is quite simple.  Basic installation
involves:

$ # Make back-ups!  I've not trashed any data so far with LOMAC, but it
$ # could happen, so make sure to mount a scratch monkey or not use an
$ # important machine!
$ cd /sbin
$ ln -s mount_std mount_lomacfs
$ cd ~/lomac-dist/LKM/Arch/FreeBSD
$ make
$ make load-all
$ mount_lomacfs lomac /

That's it!  If everything's successful, mount should now show LOMAC as
mounted over the root filesystem.  To unload, you will probably have to
use "umount -f /"; also, shutting down is not prevented, so if you screw
things up you can still shutdown/reboot/whatever.

Notes
-----

If you would like to run Linux/SVR4/etc. binaries, the binary
compatibility modules must be loaded _after_ the LOMAC module is
loaded to ensure protection of the system from those binaries
executed with a non-FreeBSD ABI.

Currently, the only large holes are the communication channels of
pipes/sockets not being controlled, and the fact that System V IPC
(specifically, shmget(2)) needs to have access checks added.  This
is still a work in progress, so bugs may exist.

This is a woefully incomplete README.  Documentation hasn't been a priority
yet, so this is all you get for FreeBSD, though hopefully there should be
more soon.
