[rsbac] LSM support removed and ported to 2.6.0-test9

Bencsath Boldizsar boldi at mail2003.etl.hu
Thu Oct 30 11:32:08 MET 2003


>
> The logic is simple, for every access violation, there is a setting missing.
> Add the setting and there is no violation anymore. And it guarantees that you
> provide no more access than is required.
>

Due to the keep it simple, stupid methodology, it is not usually needed to
do this by the rsbac kernel: simply we need some unix utilities to help
keeping rsbac settings up to date. For example, every access violation is
logged in syslog, so just enter rsbac_softmode, run the programs, parse
syslog and set the bits automatically.

The only thing I'm missing is the number of the role in the logs -> I am
unable to decide what role has been used by uid X when it made something
wrong... Amon, is it possible to turn on role logging for RC NOT_GRANTED?

Anyway, here's a simple script for you to think about.
Example: backurights exim
This will save all rsbac data on files in the exim Debian package to a
file with a date trailing, and set setuid rights to 0 to enable updating the
package.

In detail:
secoff:backurights exim
root:apt-get install exim (new version)
secoff: sh <savedfilename-written on console by backurights>

:/home/secoff# more backurights
#!/usr/bin/perl
# backurights: dump the RSBAC FD attributes of every file in a Debian package
# into a restore script, then print the setuid lines with auth_may_setuid
# forced to 0 so the package can be upgraded.
use strict;
use warnings;

die "usage: backurights <debian package>\n" unless @ARGV;
my $pkg = $ARGV[0];

my @A = `dpkg -L $pkg`;
chomp(my $D = `date "+%Y%m%d"`);   # strip the newline, or it ends up in the file name
my $f = "rsbbck.$pkg.$D";
open(my $F, ">", $f) or die "cannot write $f: $!\n";

print "#backing up $pkg at $D\n";
print $F "#backing up $pkg at $D\n";
foreach my $s (@A)
{
    chomp $s;
    next unless length($s) > 2;        # skips the "/." entry dpkg -L prints first
    my $b = `attr_back_fd "$s"`;       # quoted so paths with spaces survive
    print $F $b;
}
close($F);

print "###setuid turning off:\n\n\n";
open($F, "<", $f) or die "cannot read $f: $!\n";
while (my $se = <$F>)
{
    if ($se =~ /setuid/)
    {
        $se =~ s/auth_may_setuid 1/auth_may_setuid 0/g;
        print $se;
    }
}
close($F);
print "\n\n\n";
print "run this to restore:\n\n\nsh $f\n\n";
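The "run in softmode, then parse syslog" step from the first paragraph, as an added example; this is my code, not the poster's script and not part of RSBAC. The sample syslog lines are constructed, and the message layout (an `rsbac_adf_request():` line carrying request, pid, program, uid, target and a `result NOT_GRANTED by <module>` tail) is an assumption from memory of the kernel's output, so the regex will need adjusting to what your kernel actually logs. It collects the denials and collapses repeats into a review table rather than emitting attribute-setting commands: as the post notes, the role number is not in the log, so which right to grant to which role is a decision the security officer still has to make.

```python
import re
from collections import Counter

# Constructed sample lines, not taken from a real system. The layout of the
# rsbac_adf_request() message is an assumption; adjust LINE_RE to your kernel.
SAMPLE_SYSLOG = """\
Oct 30 11:20:01 host kernel: rsbac_adf_request(): request READ_OPEN, pid 2311, ppid 1, prog_name exim, prog_file /usr/sbin/exim, uid 8, target_type FILE, tid Device 03:01 Inode 4711 Path /etc/exim/exim.conf, attr none, value 0, result NOT_GRANTED by RC
Oct 30 11:20:01 host kernel: rsbac_adf_request(): request READ_OPEN, pid 2311, ppid 1, prog_name exim, prog_file /usr/sbin/exim, uid 8, target_type FILE, tid Device 03:01 Inode 4711 Path /etc/exim/exim.conf, attr none, value 0, result NOT_GRANTED by RC
Oct 30 11:20:02 host kernel: rsbac_adf_request(): request APPEND_OPEN, pid 2311, ppid 1, prog_name exim, prog_file /usr/sbin/exim, uid 8, target_type FILE, tid Device 03:01 Inode 9921 Path /var/log/exim/mainlog, attr none, value 0, result NOT_GRANTED by RC
Oct 30 11:20:03 host kernel: rsbac_adf_request(): request READ_OPEN, pid 2320, ppid 2311, prog_name exim, prog_file /usr/sbin/exim, uid 8, target_type FILE, tid Device 03:01 Inode 4711 Path /etc/exim/exim.conf, attr none, value 0, result GRANTED
Oct 30 11:20:04 host sshd[900]: Accepted publickey for secoff from 10.0.0.5
"""

# Only NOT_GRANTED decisions are of interest; GRANTED and unrelated lines fall through.
LINE_RE = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\w+), pid (?P<pid>\d+), ppid \d+, "
    r"prog_name (?P<prog_name>\S+), prog_file (?P<prog_file>\S+), uid (?P<uid>\d+), "
    r"target_type (?P<target_type>\w+), tid (?P<tid>.*?), attr \S+, value \S+, "
    r"result NOT_GRANTED by (?P<module>\w+)"
)
# The target id carries "Path /..." for file system objects; other target types may not.
PATH_RE = re.compile(r"Path (\S+)")


def parse_denials(text):
    """Return one dict per NOT_GRANTED line (request, pid, prog, uid, target, module, path)."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        pm = PATH_RE.search(rec["tid"])
        rec["path"] = pm.group(1) if pm else None
        out.append(rec)
    return out


def summarize(denials):
    """Collapse repeated denials into one (uid, prog_file, request, path, module) key with a count."""
    return Counter(
        (d["uid"], d["prog_file"], d["request"], d["path"], d["module"]) for d in denials
    )


def review_table(denials):
    """One line per distinct denial, for the security officer to decide on role by role."""
    rows = []
    for (uid, prog, req, path, mod), n in sorted(summarize(denials).items()):
        rows.append(f"{mod:3} uid {uid:>5} {prog:18} {req:14} {path or '-':32} x{n}")
    return rows


if __name__ == "__main__":
    for row in review_table(parse_denials(SAMPLE_SYSLOG)):
        print(row)
```

Feed it `grep rsbac_adf_request /var/log/syslog` after a softmode run of the package in question; every distinct (uid, program, request, path, module) tuple comes out once with a hit count, which is the list of settings still missing.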


