[rsbac] Update: To-Do List for 1.2.3

Amon Ott ao at rsbac.org
Fri Sep 26 21:47:00 MEST 2003

Current list:


- Port to 2.6.0-test
- New JAIL flag allow_clock for ntpd encapsulation

To do for 1.2.3:

- (Maybe) remove 2.2 kernel support
- More sophisticated resource control scheme
- Allow IP-list in jail, not just one IP.
- RC ttl setting in menues (already displayed, but setting is a bit tricky)
- AUTH daemon for authentication enforcement
- AUTH cap inheritance from parent dir (single step only?)
- Exclude option in backup, maybe with regular expressions
- Full log separation between syslog and RSBAC log, also for debug messages
- Clean up 2.6.0-test port, e.g. either add LSM stacking or remove LSM
- Fix ACL menu target type selection to avoid INVALIDTARGET
- Show name of new object in CREATE request log
- mac_trusted_for_user with list instead of single user
- (Maybe) add jail flags and IP FD attributes to force a jail for a program
without chroot

To do later:

- Optional RC role and type hierarchy for easier organization
- Support more network address families with addresses etc.
- Support more network address families with NETDEV and SCD/network/firewall
- PM overhaul and menues
- (maybe) Install trace mode with automatic attribute restore (for software
- Script to create auth cap setting script from syslog
- Learning modes etc. for automatic setup script generation
- ACL support in Samba
- (maybe) Attribute set undo log in menues
- (maybe) Attribute get log in menues

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list