[rsbac] RSBAC v1.2.3-pre5 released

Amon Ott ao at rsbac.org
Fri Apr 30 15:59:22 CEST 2004


Hi everyone,

The next and hopefully last pre-release of version 1.2.3 has been released. 
It supports kernels 2.4.25-26 and 2.6.5; pre-patched kernels are currently 
uploading to http://rsbac.org/kernels and will hit the mirrors overnight.

Changes from pre4, as listed in my to-do list at 
http://zhware.ath.cx/cgi-bin/oswiki.cgi/RsbacTodo

    * Initialize attributes for all existing processes in 2.6
      (for_all_processes(p)...), like in 2.4.
    * Fix admin tools segfault when using -V without parameter
    * New RC syscall and tool to get current role
    * mac_trusted_for_user with list instead of single user.
    * Dazuko REG module (in Dazuko 2.0.2-pre2)
    * Block fchdir outside the jail, if some stupid program opened a dir,
      called rsbac_jail() and then called fchdir(). Done by simply closing
      all open dirs after rsbac_jail() called chroot.
    * Check Spender's claim about JAIL bugs: Some bugs found, all relevant
      chroot items from regression suite solved. Not urgent enough and too
      many changes to make a 1.2.2 bugfix.
    * Dazuko integration as fixed module, planned as replacement for MS
      module
    * Dazuko result caching with generic lists (as in old MS module)
    * Merge AUTH special value for eff and fs uid (thanks to Arnout
      Engelen)
    * Change rsbac_jail syntax to make chroot() and IP address optional
    * New optional rsbac_jail parameter max_caps, which limits the Linux
      capabilities of all processes in the jail
    * Hide process ids without GET_STATUS_DATA in /proc/
    * /proc/rsbac-info/active to get current version and list of active
      modules: One line each for version, mode: Secure/Softmode/Maintenance,
      softmode: available/unavailable and one line per module:
      on/softmode/off
    * Solve the new "kernel complains about vmalloc with lock" ugliness:
      removed all vmalloc use in 2.6 kernels, too many workarounds needed.
    * Protect sysfs objects in 2.6 kernels
    * Fix admin tools ./configure --enable-contrib

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

