[rsbac] RSBAC v1.2.3-pre5 released
Amon Ott
ao at rsbac.org
Fri Apr 30 15:59:22 CEST 2004
Hi everyone,
the next and hopefully last pre-release of version 1.2.3 has been released.
It supports kernels 2.4.25-26 and 2.6.5, pre-patched kernels are currently
uploading to http://rsbac.org/kernels and will hit the mirrors over night.
Changes from pre4, as listed in my to-do list at
http://zhware.ath.cx/cgi-bin/oswiki.cgi/RsbacTodo
* Initialize attributes for all existing processes in 2.6
(for_all_processes(p)...), like in 2.4.
* Fix admin tools segfault when using -V without parameter
* New RC syscall and tool to get current role
* mac_trusted_for_user with list instead of single user.
* Dazuko REG module (in Dazuko 2.0.2-pre2)
* Block fchdir outside the jail, if some stupid program opened a dir,
called rsbac_jail() and then called fchdir(). Done by simply closing all
open dirs after rsbac_jail() called chroot.
* Check Spender's claim about JAIL bugs: Some bugs found, all relevant
chroot items from regression suite solved. Not urgent enough and too many
changes to make a 1.2.2 bugfix.
* Dazuko integration as fixed module, planned as replacement for MS
module
* Dazuko result caching with generic lists (as in old MS module)
* Merge AUTH special value for eff and fs uid (thanks to Arnout
Engelen)
* Change rsbac_jail syntax to make chroot() and IP address optional
* New optional rsbac_jail parameter max_caps, which limits the Linux
capabilities of all processes in the jail
* Hide process ids without GET_STATUS_DATA in /proc/
* /proc/rsbac-info/active to get current version and list of active
modules: One line each for version, mode: Secure/Softmode/Maintenance,
softmode: available/unavailable and one line per module: on/softmode/off
* Solve the new "kernel complains about vmalloc with lock" uglyness:
removed all vmalloc use in 2.6 kernels, too many workarounds needed.
* Protect sysfs objects in 2.6 kernels
* Fix admin tools ./configure --enable-contrib
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list