Friday, 21/July/2006

RSBAC 1.3.0pre2 has been released for both kernels 2.4.32 and 2.6.17. Please test it !

Improvements over 1.2x series:

• Restarted 1.3 tree from the 1.2.7 release
• System call rsbac_version to return numeric version without checking the caller’s version provided to syscall.
• JAIL: allow_parent_ipc to allow IPC into parent jail. Useful with Apache mod_jail and others. Needs another process attribute jail_parent
• JAIL: add a flag to allow suid/sgid files and dirs.
• Optionally check CHANGE_OWNER for PROCESS targets also as CHANGE_OWNER on the new USER. This allows fine grained control also in RC and ACL models.
• Change network templates to hold up to 20 ip networks and up to 10 port ranges.
• Automatic online resizing of per-list hash table. As list identifiers are pointers to list headers, which must not change, the arrays of list heads are allocated separately and accessed through a pointer.
• Change named UNIX sockets to be new filesystem target type T_UNIXSOCK and unnamed to be new IPC type anonunix (like pipes)
• RC role def_unixsock_create_type, which overrides the def_(ind_)fd_create_type. Default value use_def_fd.
• Change aci, acl and auth devices lists to use RCU on 2.6 kernels
• Dazuko udev support
• UM password history with configurable length to avoid password reuse.
• Update HTML doc in Documentation/rsbac, or point all docs to the website.
• Hide dir entries a process has no SEARCH right for

Please test it and report your experience, issues, etc. Thanks !