[rsbac] RSBAC v1.2.3-pre1 uploaded

Amon Ott ao at rsbac.org
Wed Sep 10 18:49:36 MEST 2003


Version 1.2.3-pre1 for kernels 2.2.25, 2.4.22 and 2.6.0-test5 has been 
uploaded to http://rsbac.org/pre.

While RSBAC for kernels 2.2.25 and 2.4.22 works as usual, you will have some 
limitation with the 2.6.0 version:

In kernel config,
- go to Menu "Security Options"
- check "Enable different security models" and "Socket and Networking 
Security Hooks"
- disable "Default Linux Capabilities" and "NSA SELinux Support".

Note: You will have no capability functionality with this configuration, so 
RSBAC CAP module will be useless!

The LSM capability module does not include a stacker function to register the 
RSBAC LSM functions as secondary module, so registration to LSM will fail. I 
will have to partially init RSBAC before this module and provide full LSM 
stacking functionality to get a workaround for the IMHO broken LSM stacking 
design. Oh well.

It might work together with SELinux, though, because they added all the 
secondary calls for stacking with a restrictive metapolicy.

If it takes much more work, I will probably throw out the few LSM hooks I 
could use and return to my own hooks. :(

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list