[rsbac] 1.4.0-rc3 released

kang kang at insecure.ws
Mon Nov 10 14:58:11 CET 2008

Hash: SHA256

After a long development phase, RSBAC 1.4.0-rc3 has been released.

This should be the final release if there are no major bugs for this
release. This mean it's highly advised to test it :)

Changes since rc-2:
- ---

- - supports kernel 2.6.27
- - splitted common code for 2.4 and 2.6 kernels. they aren't
interchangeable anymore (but are still common between 2.6 kernels and
2.4 kernels branches)
- - increase length of user and group items in user management (up to 64
characters for usernames)
- - rsbac automount has been converted to support vfsmount(). it also
now detect a few more mounts at initialization.
- - new interceptions review
- - lots of bug fixes (see svn for more detailled infos

About RSBAC 1.4:
- ---

RSBAC 1.4 mainly introduce the new virtual user management feature,
which let you isolate complete set of users in so-called "virtual sets".

As an example, you can start your mail server in a different set, and
the users getting the email will not be part of the system users.

Likewise, your jails can be started in a different set, so that the
users in that jail will never be the same ones as the real system users.

You can specify the user set with the usual tools by specifying the
full user path, e.g.:

0:0 defines user id 0 (root) virtual set 0 (eg system user root)
0:1000 defines user id 1000 virtual set 0 (eg a system user)
1:400 defines user id 400 (security) virtual set 1
2:1000  defines user id 100 virtual set 2 (for example, mail users
could be in set 2)

RSBAC 1.4.0-rc3 patches, tools and pre-patched kernels are available at:


Have fun testing :)
Version: GnuPG v1.4.9 (GNU/Linux)


More information about the rsbac mailing list