[rsbac] RSBAC 1.3.0rc1 released
kang at rsbac.org
Thu Sep 14 18:08:01 CEST 2006
RSBAC 1.3.0rc1 has been released for both kernels 18.104.22.168 and 22.214.171.124
This is a release candidate, so please test it and report your
experience, issues, etc. The final 1.3.0 version will be the same with
possible remaining bugs fixed.
Your testing is important for us, thanks!
Improvements over the 1.2x series:
* Restarted 1.3 tree from the 1.2.7 release
* System call rsbac_version to return numeric version without
checking the caller's version provided to syscall.
* JAIL: allow_parent_ipc to allow IPC into parent jail. Useful with
Apache mod_jail and others. Needs another process attribute jail_parent
* JAIL: add a flag to allow suid/sgid files and dirs.
* Optionally check CHANGE_OWNER for PROCESS targets also as
CHANGE_OWNER on the new USER. This allows fine grained control also in
RC and ACL models.
* Change network templates to hold up to 20 ip networks and up to 10
* Automatic online resizing of per-list hash table. As list
identifiers are pointers to list headers, which must not change, the
arrays of list heads are allocated separately and accessed through a
* Change named UNIX sockets to be new filesystem target type
T_UNIXSOCK and unnamed to be new IPC type anonunix (like pipes)
* RC role def_unixsock_create_type, which overrides the
def_(ind_)fd_create_type. Default value use_def_fd.
* Change aci, acl and auth devices lists to use RCU on 2.6 kernels
* Dazuko udev support
* UM password history with configurable length to avoid password reuse.
* Update HTML doc in Documentation/rsbac, or point all docs to the
* Hide dir entries a process has no SEARCH right for
* Limit number of items per single list to 50000, so real limit is
at 50000 * nr_hashes.
* New request type AUTHENTICATE against USER targets. No
authentication against RSBAC UM without this right in RC and ACL.
* Complete hook review with several small fixes.
* More detailed JAIL decision logging for IPC and UNIXSOCK targets
Patches and prepatched kernels are available at this location:
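The hash table item in the list above says list identifiers are pointers to list headers that must not change, so the arrays of list heads are allocated separately. A userspace illustration of that layout, added here as an example and not RSBAC code: all names are hypothetical, the header is assumed to reach the heads array through a pointer, and the locking a kernel implementation needs is left out.

```c
#include <stdint.h>
#include <stdlib.h>
/* All names are hypothetical; this is not RSBAC's list code. */
struct item { uint32_t key; struct item *next; };
struct list_header {       /* the handle callers keep: its address never changes */
    struct item **heads;   /* bucket array, allocated separately so it can be swapped */
    unsigned nr_hashes;    /* number of buckets, always a power of two */
    unsigned long count;   /* items currently stored */
};

struct list_header *list_create(unsigned nr_hashes) {
    struct list_header *l = malloc(sizeof *l);
    if (l && !(l->heads = calloc(nr_hashes, sizeof *l->heads))) { free(l); l = NULL; }
    if (l) { l->nr_hashes = nr_hashes; l->count = 0; }
    return l;
}

/* Double the bucket array and rehash every item; only l->heads is replaced. */
static int list_grow(struct list_header *l) {
    unsigned n = l->nr_hashes * 2;
    struct item **nh = calloc(n, sizeof *nh);
    if (!nh) return -1;                       /* old table stays valid on failure */
    for (unsigned i = 0; i < l->nr_hashes; i++)
        for (struct item *it = l->heads[i], *next; it; it = next) {
            next = it->next;
            it->next = nh[it->key & (n - 1)];
            nh[it->key & (n - 1)] = it;
        }
    free(l->heads);
    l->heads = nh; l->nr_hashes = n;
    return 0;
}

/* Insert a key, growing first once the average chain length reaches max_chain. */
int list_add(struct list_header *l, uint32_t key, unsigned long max_chain) {
    struct item *it = malloc(sizeof *it);
    if (!it) return -1;
    if (l->count >= max_chain * l->nr_hashes)
        list_grow(l);                         /* best effort: chains just get longer if it fails */
    struct item **slot = &l->heads[key & (l->nr_hashes - 1)];
    it->key = key; it->next = *slot; *slot = it;
    l->count++;
    return 0;
}

int list_has(const struct list_header *l, uint32_t key) {
    for (const struct item *it = l->heads[key & (l->nr_hashes - 1)]; it; it = it->next)
        if (it->key == key) return 1;
    return 0;
}
```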