RSBAC Handbook
Releases
Stable: 1.4.3
kernel:
Full RSBAC kernels
Lazy of patching ?
Get the already rsbac-patched kernel. Choose your flavor.
Classic kernels
Includes vanilla kernel with the RSBAC patch
Enhanced kernels
PaX+RSBAC kernels
Debian repository
Also works for Ubuntu and other Debian-based distributions, of course
GIT
Cutting edge RSBAC source code, can be unstable sometimes
Events
No events planned
The JAIL module provides a new call rsbac_jail, which makes a chroot call (with chdir(”/”)) and adds further restrictions on the calling process and all subprocesses. Some of these restrictions can be turned off by flags to the syscall or the rsbac_jail command line wrapper, these are marked with an * in the following list. The rsbac_jail system call also takes the allowed IP-Address for binding (may be 0.0.0.0 for any) as parameter.
Both chroot and IP address limits are optional.
Processes in a jail may not:
All processes in jails are listed in /proc/rsbac-info/jails, if RSBAC proc support has been enabled.
More details are given on the configuration page
Table of Contents: RSBAC Handbook
Back: Security Models