rsbac-v1.1.2-pre8 uploaded


From: Amon Ott <ao@rsbac.org>
Subject: rsbac-v1.1.2-pre8 uploaded
Date: Tue, 17 Jul 2001 18:35:09 +0200

Next Article (by Date): Capabilities "Kaladis"
Previous Article (by Date): RE: SMP kernel. "hollace leon"
Next in Thread: Re: rsbac-v1.1.2-pre8 uploaded Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


Hello again!

rsbac-v1.1.2-pre8 has been uploaded to http://rsbac.org/pre.

- Changed mount code again: now initrd and devfs should really work together.

- RSBAC now really supports multiple mounts of single devices via mount_counts.
Attribute value inheritance parents are a bit tricky, you should always umount
the first mount of a device last, or you will break inheritance from its parent.

- ACL bug (DEV and SCD masks not applied) fixed.

- New CONFIG_DAC_DISABLE option: if enabled, you can disable Linux filesystem
access control with kernel param rsbac_dac_disable or as secoff etc. via
/proc/rsbac-info/debug

- New nosyslog option, so you can temporarily disable RSBAC request logging to
syslog via kernel param rsbac_nosyslog or /proc/rsbac-info/debug

- New rsu tool for authenticated start of a command with another role (by
Stanislav)

- New Linux groups and filesystem rights to ACL converter, called linux2acl,
which produces an ACL script. Just recall the discussion about switching off
Linux DAC... I hope I got all special Linux right cases correctly. I made a test
on my test system, including a run of the result script. It produced ca. 2000
ACLs with ca. 6000 entries, but the system works fine.

Please test this version as much as you can and report errors as soon as
possible. I want to get the final version out!

I am specially interested in comments on multiple mounts, initrd and linux2acl.

Stanislav: Please test initrd, if possible with devfs. ru.po has changed again,
please update. rsu needs gettext entries, and I still have not tested it here.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Capabilities "Kaladis"
Previous Article (by Date): RE: SMP kernel. "hollace leon"
Next in Thread: Re: rsbac-v1.1.2-pre8 uploaded Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.