== 1.3.0rc1 released == //Thurday, 14/Sep/2006// [[@dl.php?file=pre/rsbac-1.3.0rc1/|RSBAC 1.3.0rc1]] has been released for both kernels 2.4.33.3 and 2.6.17.13. Please test it ! Improvements over 1.2.x series: * Restarted 1.3 tree from the 1.2.7 release * System call rsbac_version to return numeric version without checking the caller’s version provided to syscall. * JAIL: allow_parent_ipc to allow IPC into parent jail. Useful with Apache mod_jail and others. Needs another process attribute jail_parent * JAIL: add a flag to allow suid/sgid files and dirs. * Optionally check CHANGE_OWNER for PROCESS targets also as CHANGE_OWNER on the new USER. This allows fine grained control also in RC and ACL models. * Change network templates to hold up to 25 ip networks and up to 10 port ranges. * Automatic online resizing of per-list hash table. As list identifiers are pointers to list headers, which must not change, the arrays of list heads are allocated separately and accessed through a pointer. * Change named UNIX sockets to be new filesystem target type T_UNIXSOCK and unnamed to be new IPC type anonunix (like pipes) * RC role def_unixsock_create_type, which overrides the def_(ind_)fd_create_type. Default value use_def_fd. * Change aci, acl and auth devices lists to use RCU on 2.6 kernels * Dazuko udev support * UM password history with configurable length to avoid password reuse. * Update HTML doc in Documentation/rsbac, or point all docs to the website. * Hide dir entries a process has no SEARCH right for * Limit number of items per single list to 50000, so real limit is at 50000 * nr_hashes. * New request type AUTHENTICATE against USER targets. No authentication against RSBAC UM without this right in RC and ACL. * Complete hook review with several small fixes. * More detailed JAIL decision logging for IPC and UNIXSOCK targets with rsbac_debug_adf_jail. Please test it and report your experience, issues, etc. Thanks !