[rsbac] LSM support removed and ported to 2.6.0-test9

Amon Ott ao at rsbac.org
Wed Oct 29 18:36:34 MET 2003


According to my LSM removal decision, there is now a new version available on 
rsync without LSM. I will soon make a pre2 with 2.6 and 2.4 support and then 
start adding new features. 2.2 patches will only be available on request, but 
2.2 support is still in the common code.

To be precise, LSM support is currently disabled and the corresponding RSBAC 
hooks have been put back in.

This is my current to-do list for 1.2.3. Please tell me, if you miss 


- Port to 2.6.0-test with LSM
- New JAIL flag allow_clock for ntpd encapsulation
- Removed LSM support (see http://rsbac.org/lsm.htm).

To do for 1.2.3:

- Remove 2.2 kernel support.
- More sophisticated resource control scheme.
- Allow IP-list in jail, not just one IP.
- Static PaX support module.
- RC ttl setting in menues (already displayed, but setting is a bit tricky).
- AUTH daemon for authentication enforcement.
- AUTH cap inheritance from parent dir (single step only?).
- Backup optimization with per-directory reference counters, of counter ==
0, skip full tree.
- (Maybe) Exclude option in backup, maybe with regular expressions.
- Full log separation between syslog and RSBAC log, also for debug messages.
- Fix ACL menu target type selection to avoid INVALIDTARGET.
- Show name of new object in CREATE request log.
- mac_trusted_for_user with list instead of single user.
- (Maybe) add jail flags and IP FD attributes to force a jail for a program
without chroot.

To do later:

- Replace values for ttl'd data, to be used after timeout
- Optional RC role and type hierarchy for easier organization
- Support more network address families with addresses etc.
- Support more network address families with NETDEV and SCD/network/firewall
- Wrappers for rpm and dpkg to backup and restore attributes on package
- PM overhaul and menues
- (maybe) Install trace mode with automatic attribute restore (for software
- Script to create auth cap setting script from syslog
- Learning modes etc. for automatic setup script generation
- ACL support in Samba
- (maybe) Attribute set undo log in menues
- (maybe) Attribute get log in menues

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list