Rule Set Based Access Control (RSBAC) is a Free Software security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Release Notes: This release is for Linux kernel 188.8.131.52. A significant speedup and even better SMP scalability are expected from the new RCU based list locking. The most important changes since 1.3.5 are the addition of VUM (Virtual User Management) support, OTP support for UM, support of ANY for NETLINK control, checking of CLOSE requests in RC, the addition of SCD target videomem and kernel attribute pagenr, ext4 secure delete support, and many small bugfixes too. Generic lists were changed to use RCU instead of rw spinlocks.
Release Notes: This release works both for Linux kernel version 2.4.36 and version 184.108.40.206. It now supports secure delete on XFS and JFS, and the new kernel parameter rsbac_list_recover allows you to register lists even if reading from disk fails. Minor feature enhancements and bugfixes were made.
Release Notes: This version includes all the bugfixes from version 1.3.6, as well as the new virtual user management feature. This feature lets you have many virtual user sets in your system. As an example, you can start your mail server in a different set, and the users you're getting mail to will not be any of the system users. Likewise, your jails can be started in a different set so that the users in that jail will never be the same ones as the real system users.
Release Notes: This release relates to kernel 220.127.116.11 and 18.104.22.168. There are important fixes with some compilation errors and an important bug with User Management password hashing, introduced with the newer 2.6 kernel crypto API. Some security has been added with safety measures against null pointers.
Release Notes: The changes for this release were fixes in the administration tools package for attribute backup and library paths, plus some minor bugfixes. No changes were made in rsbac-common.