[rsbac] rsbac-v1.2.0-pre5 uploaded to /pre

Amon Ott rsbac@rsbac.org
Thu Mar 14 17:09:03 2002


Hi!

RSBAC v1.2.0-pre5 has been uploaded to http://rsbac.org/pre.

- Support for kernels 2.4.17-18 and 2.2.20

- SMP locking during mount partly reworked - SMP people please test and report
  (umount might still hang)

- Special backup script src/scripts/backup_all_1.1.2 in admin tools: Run with
  1.1.2 tools under 1.1.2 kernel, and use output script to restore with 1.2.0
  tools under 1.2.0. I'd be especially interested in whether your existing
  configs are correctly transferred. This script is meant to be the official
  upgrading tool!

As you can see from the To-Do-List, 1.2.0 is considered functionally 
finished. I am planning to do only bugfixes and urgent features from now on, 
everything else must wait for 1.2.1.
There might be only one more pre release before final, so please speak out 
now or take what you get... ;)
 
I am looking for volunteers for some limited tasks:
- PAM programming: Write the AUTH daemon. It works both as PAM server and
  client, and we need a PAM lib to access it. Detailed design on request...
- More address families: support and test IPX, IPv6, etc. addresses (what you
  need)
- ACL support in Samba
- Howtos: Work through mailing list archive and collect a howto document from
  all ideas given there
- Admin tools man pages

Amon.


Finished:

- Network access control with templates:
  - works with all models except PM
  - UNIX / INET (ipv4) address families fully supported
  - other AF matched without addresses etc.
- Template based individual netobj logging command line and menu tools for
  above items
- RC model and tools with unlimited roles and types (well, 32 Bit unsigned
  integer index)
- Symlink RC role redirection
- Selective dir tree disabling of Linux DAC
- rsbac_dialog program (modified cdialog) with menu help button and default 
  selection
- help in all rsbac menus
- Kernel config help for new items
- Fixed rklogd/rsbac_log problem with 2.4 kernels and put rklogd back into
  tools package
- Generic list ordering (needed for templates and optimization)
- Model names in attribute tools
- Finish Net Device access control and tools/menus
- List optimization
- Reactivate Malware Scan module
- Generic time-to-live support in generic lists (new on-disk version)
- Support time-to-live for ACL group members and ACL entries
- copy_net_temp
- Network attribute backup
- Individual model soft mode
- Support time-to-live for RC entries
- Port to 2.2.20
- Special backup script for transfer from 1.1.2 to 1.2.0
- ACL ttl in menus

To do for pre6:

- RC ttl setting in menus (already displayed, but setting is a bit tricky)

To do for 1.2.1:

- AUTH daemon for authentication enforcement
- Support more network address families with addresses etc.
- Support more network address families with NETDEV and SCD/network/firewall
- Port the last lists (AUTH, log_levels etc.) to generic lists
- PM overhaul and menus
- Syscall wrapper + library to only use single syscall NR_security
- (maybe) Install trace mode with automatic attribute restore (for software
  updates)
- Script log->auth cap setting
- Learning modes etc. for automatic setup script generation
- ACL support in Samba
- Versions in backup (-V n, n = (major<<16)+(mid<<8)+subver), automatic
  translation to new settings on restore
- Attribute set log in menus / undo log?
- (maybe) Attribute get log in menus