[rsbac] New to-do list for 1.2.2

Amon Ott rsbac@rsbac.org
Fri Nov 22 16:04:01 2002


Here is my new to-do list for 1.2.2. Version 1.2.2-pre2 will be out pretty 
soon with the finished features. The current code is available on the rsync 




- MS module support for F-Protd as scanning engine
- ms_need_scan FD attribute for selective scanning
- JAIL flag to additionally allow to/from local/remote IP
- RSBAC syscall version numbers to avoid mismatches between kernel and tools
- Add RES module with minimum and maximum resource settings for
  users and programs

To do for 1.2.2:

- Change i18n technique of admin tool help to gettext
- New requests CHANGE_DAC_(EFF|FS)_OWNER on target type PROCESS to
  control euid and fsuid
- Extra AUTH cap sets for these
- Support more scanners (AVP, AntiVir, Clamav) in MS module

To do later:

- More sophisticated resource control scheme
- Allow IP-list in jail, not just one IP.
- Optional RC role and type hierarchy
- RC ttl setting in menues (already displayed, but setting is a bit tricky)
- AUTH daemon for authentication enforcement
- Support more network address families with addresses etc.
- Support more network address families with NETDEV and SCD/network/firewall
- Port the last lists (AUTH) to generic lists
- PM overhaul and menues
- (maybe) Install trace mode with automatic attribute restore (for software
- Script log->auth cap setting
- Learning modes etc. for automatic setup script generation
- ACL support in Samba
- (maybe) Attribute set undo log in menues
- (maybe) Attribute get log in menues