[rsbac] RSBAC 1.3.0 released

Vincent Danen vdanen at annvix.org
Thu Oct 26 16:43:57 CEST 2006


* Amon Ott <ao at rsbac.org> [2006-10-26 09:07:58 +0200]:

> > > RSBAC 1.3.0 has been released for both kernels 2.4.33.3 and 2.6.18.
> > 
> > Out of curiosity, it seems as though the 2.6.16 branch has been chosen
> > as the "stable" branch and seems to (at least so far) be well
> > maintained.  Are there any plans or the possibility of having a set of
> > RSBAC patches for 2.6.16 with the latest RSBAC version?
> 
> For now, you can use the 1.2.7 patch with the 1.2.8 tarball and 1.2.8 
> tools. We can check for important changes, but there should not be 
> much.

I believe that right now I am using 1.2.8 with our kernel, so that's ok.

> As maintaining yet another kernel tree would be significant extra 
> work, we will have to think about it.

Yeah, I know the extra work makes it less appealing.  But, considering
how kernel development has been, I've had to ask.

> > The reason I ask is that some of us are getting tired of the moving
> > target that is today's Linux kernel, and it looks like standardizing on
> > 2.6.16 is our best chance to have a "stable and supported" 2.6 kernel
> > without enduring API changes and other silliness between versions.
> > 
> > Considering the application and usage of RSBAC, perhaps maintaining a
> > set of patches against 2.6.16 would be of use to more people (who want
> > a stable kernel, but the latest RSBAC).
> 
> As stated several times before, I fully agree that 2.6 as it is now is
> a moving target which changes way too fast to be stable and secure
> enough. The often daily security updates have proven this. As a
> company, we only use 2.4 kernels for production, because we do not
> trust 2.6.

Yeah, I've caught quite a bit of flak lately for publicly criticizing
the current kernel development strategy, although I doubt my complaints
will actually have any effect on changing things.  I too, until
recently, was relying on the 2.4 kernel... unfortunately, as I'm finding
out, due to new hardware, the 2.4 kernel isn't as feasible as it used to
be, which makes moving to 2.6 almost inevitable.  The trick is to find a
good 2.6 "branch" to stick to and from the sounds of things, 2.6.16 is
the one to use.

> If there is significant demand, there is surely some way to maintain
> RSBAC for the 2.6.16 stable tree. 1.3 would have to be backported for 
> this first.

Just thinking about it, how difficult do you think it would be to
port 1.3 to 2.6.16?  I wouldn't mind helping if it was more a matter of
it being time consuming (I'm not a kernel hacker by any stretch of the
imagination).

-- 
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)