[rsbac] New to-do list for 1.2.2
Amon Ott
rsbac@rsbac.org
Fri Nov 22 16:04:01 2002
Hi!
Here is my new to-do list for 1.2.2. Version 1.2.2-pre2 will be out pretty
soon with the finished features. The current code is available on the rsync
server.
Amon.
-----------------------------
Finished:
- MS module support for F-Protd as scanning engine
- ms_need_scan FD attribute for selective scanning
- JAIL flag to additionally allow to/from local/remote IP 127.0.0.1
- RSBAC syscall version numbers to avoid mismatches between kernel and tools
- Add RES module with minimum and maximum resource settings for
users and programs
To do for 1.2.2:
- Change i18n technique of admin tool help to gettext
- New requests CHANGE_DAC_(EFF|FS)_OWNER on target type PROCESS to
control euid and fsuid
- Extra AUTH cap sets for these
- Support more scanners (AVP, AntiVir, Clamav) in MS module
To do later:
- More sophisticated resource control scheme
- Allow IP-list in jail, not just one IP.
- Optional RC role and type hierarchy
- RC ttl setting in menues (already displayed, but setting is a bit tricky)
- AUTH daemon for authentication enforcement
- Support more network address families with addresses etc.
- Support more network address families with NETDEV and SCD/network/firewall
- Port the last lists (AUTH) to generic lists
- PM overhaul and menues
- (maybe) Install trace mode with automatic attribute restore (for software
updates)
- Script log->auth cap setting
- Learning modes etc. for automatic setup script generation
- ACL support in Samba
- (maybe) Attribute set undo log in menues
- (maybe) Attribute get log in menues
Amon.
--
http://www.rsbac.org