[rsbac] RSBAC v1.2.3-pre1 uploaded
Amon Ott
ao at rsbac.org
Wed Sep 10 18:49:36 MEST 2003
Hi!
Version 1.2.3-pre1 for kernels 2.2.25, 2.4.22 and 2.6.0-test5 has been
uploaded to http://rsbac.org/pre.
While RSBAC for kernels 2.2.25 and 2.4.22 works as usual, you will have some
limitation with the 2.6.0 version:
In kernel config,
- go to Menu "Security Options"
- check "Enable different security models" and "Socket and Networking
Security Hooks"
- disable "Default Linux Capabilities" and "NSA SELinux Support".
Note: You will have no capability functionality with this configuration, so
RSBAC CAP module will be useless!
The LSM capability module does not include a stacker function to register the
RSBAC LSM functions as secondary module, so registration to LSM will fail. I
will have to partially init RSBAC before this module and provide full LSM
stacking functionality to get a workaround for the IMHO broken LSM stacking
design. Oh well.
It might work together with SELinux, though, because they added all the
secondary calls for stacking with a restrictive metapolicy.
If it takes much more work, I will probably throw out the few LSM hooks I
could use and return to my own hooks. :(
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list