[rsbac] RSBAC with GRSec patches

Michał Purzyński michal at rsbac.org
Fri Dec 14 11:16:50 CET 2007


On Dec 12, 2007, at 11:14 AM, Павел Петлинский wrote:

> Hi.
> Did anybody try to patch the RSBAC kernel sources with the GRSecurity patch?
> I think it will be good, because GRSecurity provides some useful
> restrictions for chroot, secure execution and /proc.
> Can somebody help me?
> Best regards, Paul Petlinsky.

It is possible to use both RSBAC and GRSecurity in one kernel, in
theory. But in practice it's not something you would like to do - with
a careful RSBAC setup you can get almost every single piece of
grsecurity's functionality, like restrictions for chroot() (a lot better
in rsbac - module JAIL, with per-process settings instead of grsec's
'one size fits all' hardwired). It's also simple to restrict access to
the /proc files, in exactly the same way, like 'user can only see her
own processes' and many more.

Just write what you need, we will help with your setup.

Oh and btw - having two mandatory access control systems enabled in
one kernel is asking for trouble - while it works, pretty much
everything can happen.

Michal Purzynski 

