== 1.3.0 released ==
//Thurday, 12/Oct/2006//

[[@download|RSBAC 1.3.0]] has been released for both kernels 2.4.33.3 and 2.6.18. You can also try it with the latest [[http://livecd.rsbac.org|RSBAC Live CD]].

Improvements over the 1.2.x series:

  * Speed and scalability:
    * Automatic online resizing of per-list hash table to reduce access time for large attribute lists significantly.
    * Limit number of items per single list to 50000, so real limit is at 50000 * nr_hashes.
    * Optimize cases in decision modules.
    * Change network templates to handle up to 25 ip networks and up to 10 port ranges.
    * Change aci, acl and auth devices lists to use RCU on 2.6 kernels.
  * More control:
    * Optionally check CHANGE_OWNER for PROCESS targets also as CHANGE_OWNER on the new USER. This allows fine grained setuid control also in RC and ACL models.
    * Change named UNIX sockets to be new filesystem target type T_UNIXSOCK and unnamed to be new IPC type anonunix (like FIFO target for pipes).
    * RC role def_unixsock_create_type, which overrides the def_(ind_)fd_create_type. Default value use_def_fd.
    * UM password history with configurable length to avoid password reuse.
    * New request type AUTHENTICATE against USER targets. No authentication against RSBAC UM without this right in RC and ACL.
  * JAIL Module:
    * More detailed JAIL decision logging for IPC and UNIXSOCK targets with rsbac_debug_adf_jail.
    * allow_parent_ipc to allow IPC into parent jail. Useful with Apache mod_rsbac and others.
    * add a flag to allow suid/sgid files and dirs.
  * Other improvements:
    * Dazuko udev support.
    * Hide dir entries a process has no SEARCH right for.
    * Complete hook review with several small fixes.
    * Add rsbac_get_switch(value_p, switchable) that returns the module's status (on or off) and switchable status (can turn off, back on, ..).
    * Added similar output to the proc information (/proc/rsbac-info/active).