[rsbac] RSBAC 1.3.0pre2 released

kang kang at rsbac.org
Fri Jul 21 14:01:33 CEST 2006

1.3.0pre2 released

RSBAC 1.3.0pre2 has been released for both kernels 2.4.32 and 2.6.17.

Please test it and report your experience, issues, etc. Thanks!

Improvements over the 1.2x series:

    * Restarted 1.3 tree from the 1.2.7 release
    * System call rsbac_version to return numeric version without
      checking the caller's version provided to syscall.
    * JAIL: allow_parent_ipc to allow IPC into parent jail. Useful with
      Apache mod_jail and others. Needs another process attribute jail_parent
    * JAIL: add a flag to allow suid/sgid files and dirs.
    * Optionally check CHANGE_OWNER for PROCESS targets also as
      CHANGE_OWNER on the new USER. This allows fine grained control also in
      RC and ACL models.
    * Change network templates to hold up to 20 ip networks and up to 10
      port ranges.
    * Automatic online resizing of per-list hash table. As list
      identifiers are pointers to list headers, which must not change, the
      arrays of list heads are allocated separately and accessed through a
    * Change named UNIX sockets to be new filesystem target type
      T_UNIXSOCK and unnamed to be new IPC type anonunix (like pipes)
    * RC role def_unixsock_create_type, which overrides the
      def_(ind_)fd_create_type. Default value use_def_fd.
    * Change aci, acl and auth devices lists to use RCU on 2.6 kernels
    * Dazuko udev support
    * UM password history with configurable length to avoid password reuse.
    * Update HTML doc in Documentation/rsbac, or point all docs to the
    * Hide dir entries a process has no SEARCH right for

Patches and prepatched kernels are available at this location:
