[rsbac] RSBAC 1.3.0pre2 released
kang at rsbac.org
Fri Jul 21 14:01:33 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
RSBAC 1.3.0pre2 has been released for both kernels 2.4.32 and 2.6.17.
Please test it and report your experience, issues, etc. Thanks !
Improvements over the 1.2x series:
* Restarted 1.3 tree from the 1.2.7 release
* System call rsbac_version to return numeric version without
checking the caller?s version provided to syscall.
* JAIL: allow_parent_ipc to allow IPC into parent jail. Useful with
Apache mod_jail and others. Needs another process attribute jail_parent
* JAIL: add a flag to allow suid/sgid files and dirs.
* Optionally check CHANGE_OWNER for PROCESS targets also as
CHANGE_OWNER on the new USER. This allows fine grained control also in
RC and ACL models.
* Change network templates to hold up to 20 ip networks and up to 10
* Automatic online resizing of per-list hash table. As list
identifiers are pointers to list headers, which must not change, the
arrays of list heads are allocated separately and accessed through a
* Change named UNIX sockets to be new filesystem target type
T_UNIXSOCK and unnamed to be new IPC type anonunix (like pipes)
* RC role def_unixsock_create_type, which overrides the
def_(ind_)fd_create_type. Default value use_def_fd.
* Change aci, acl and auth devices lists to use RCU on 2.6 kernels
* Dazuko udev support
* UM password history with configurable length to avoid password reuse.
* Update HTML doc in Documentation/rsbac, or point all docs to the
* Hide dir entries a process has no SEARCH right for
Patches and prepatched kernels are available at this location:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v18.104.22.168 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the rsbac