home
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| home [2023/02/15 12:55] – 6.1 port ao | home [2024/10/29 09:22] (current) – New request types GET_XATTR and MODIFY_XATTR on FD targets ao | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | == New request types GET_XATTR and MODIFY_XATTR on FD targets == | ||
| + | //Tuesday, 29/ | ||
| + | |||
| + | The system call families getxattr() and setxattr() used to be intercepted with requests GET_PERMISSIONS_DATA and MODIFY_PERMISSIONS_DATA. Since extended attributes do much more than Linux access control with ACLs, we needed a way to distinguish these types of access. | ||
| + | |||
| + | I decided to introduce the new request types GET_XATTR and MODIFY_XATTR for them, valid for all FD targets. The changes are in the kernel Git repos for 6.6, 6.1, 5.15 and 5.10 as well as in the rsbac-admin repo for administration. Older kernels remain unchanged. | ||
| + | |||
| + | == RSBAC stable with kernel 6.6 == | ||
| + | // | ||
| + | |||
| + | RSBAC with kernel 6.6 is now recommended. It has been running very well for months. | ||
| + | |||
| + | == RSBAC for kernel 6.6 == | ||
| + | //Thursday, 11/ | ||
| + | |||
| + | RSBAC has been ported successfully to LTS kernel 6.6. Internal kernel changes to the Linux caps structure required new on-disk versions of all RSBAC lists holding cap vectors. | ||
| + | |||
| + | I took the chance to default CONFIG_RSBAC_MOVETO to yes with 6.6 and auto-adjust RC and ACL FD lists with new versions, too. Existing WRITE right to FD targets gets amended with MOVETO during list upgrade to avoid unexpected behaviour. | ||
| + | |||
| + | The automatic list version upgrades mean that going back to previous kernels might show invalid lists, you need to boot with rsbac_list_recover kernel parameter and set cap related and RC and ACL FD values again. | ||
| + | |||
| + | In my tests, 6.6 seems to be running pretty well, please give it a try and report. Patches are at https:// | ||
| + | |||
| + | == RSBAC very stable with kernel 6.1 == | ||
| + | // | ||
| + | |||
| + | Hi folks, | ||
| + | |||
| + | just a quick note that kernel 6.1 has been running very well with RSBAC for months now, I recommend switching to 6.1. | ||
| + | |||
| + | As usual, you get all the code at https:// | ||
| + | |||
| + | |||
| == RSBAC 1.5.6 for kernel 6.1 == | == RSBAC 1.5.6 for kernel 6.1 == | ||
| // | // | ||
| Line 4: | Line 37: | ||
| Hi folks, | Hi folks, | ||
| - | just a quick notice that RSBAC has been ported to kernel 6.1 at 5.15 state. Seems to be running fine on my test system, but please test yourself and report to the mailing list or to the bug tracker. | + | RSBAC has been ported to kernel 6.1 at 5.15 state. Seems to be running fine on my test system, but please test yourself and report to the mailing list or to the bug tracker. |
| - | You get all the code at https:// | + | You get all the code at https:// |
| RSBAC has been running very well with kernel series 5.10 for a long time, so please consider 5.10 to be the best choice for now. | RSBAC has been running very well with kernel series 5.10 for a long time, so please consider 5.10 to be the best choice for now. | ||
home.1676465739.txt.gz · Last modified: 2023/02/15 12:55 by ao