[rsbac] script for initial RC policy to use with learning mode
Jens Kasten
jens at kasten-edv.de
Wed Jan 13 07:07:05 CET 2016
Can' t wait :)
For the Allwinner A20 Soc all hardware then supported by the mainline kernel.
Most important changes are aes engine and dma support which should speed up access to encrypted harddrive alot.
Am 11.01.2016 09:40 schrieb Amon Ott <ao at rsbac.org>:
>
> Am 06.01.2016 um 17:36 schrieb Javier Juan Martínez Cabezón:
> > For now it eliminates in reset_caps all maximum capabilities to all
> > binaries to allow learning at boot, bootscriptsrc() create a new role
> > and a new type to each init.d script and to each cron task, names has
> > a 15 character limit (Amon I think this are too few), I have to
> > truncate them.
>
> I know this is too limited, but increasing would need a new on-disk list
> version, which breaks compatibility with previous versions. I plan to
> introduce new list versions for FD attributes some time this year, so we
> can do it all together then and call the result Version 1.5 to indicate
> that it is an upgrade.
>
> > Amon, learning mode denies and then learns is this de desired
> > behaviour?. This means that to fully learn the same thing has to be
> > executed many times.
>
> No, this is wrong. I will look into it soon. Learning mode seems to have
> been slightly broken for a while.
>
> Currently, I am working on the FD cache for inherited attribute values,
> which should be much faster than before and already needs much fewer
> invalidates. All this is in the 4.1 git repo and will be ported to
> others, when it has been well tested.
>
> As Kernel 4.4 has just been released, the port to this new long term
> stable version is also on my to-do list.
>
> Amon.
> --
> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
>
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list