RSBAC Progression and Roadmap

This page reflects our current work queue. If something is missing here, it will probably not happen. Please discuss any wishes on the RSBAC mailing list at rsbac@rsbac.org or open a bug. The RSBAC development team.

Done in 1.4

  • Add RC role attribute indicating that one has to authenticate with her UM password before actively changing to that role and mechanism for doing it.
  • Add kexec call control with new kexec SCD type.
  • New JAIL switch for enclosing process in its private namespace.
  • Hide dir entries a process has no SEARCH right for - 2.6 done and working well, 2.4 partway done.
  • New CAP capability: ld-preload. ld.so can check for this cap and only do preload if it is enabled.
  • Add syscall rsbac_rc_create_file(filename, mode, rc_type), which creates a file with a given type. Caller’s current role needs new special right SELECT to the type.
  • New request on USER target for authentications, to avoid password tests on any account.

Planned for the next release 1.5

  • Per-target log settings for USER, GROUP, SCD, using log_array_low and log_array_high like for FD, DEV, NETOBJ.
  • Replace the Dazuko interface with an RSBAC interface, compatible with Dazuko/Fazuko registration/scanning. Use RSBAC caching/attributes instead of Dazuko's path-based pass (this will ignore include/exclude path settings inside the scanner). This will result in faster scanning and more consistent attributes (attributes already there).
  • Add more REG modules as examples that are nevertheless ready for production use - most importantly seclvl.
  • Include patches for standard system tools like ps,top,ls.
  • New rsbac_um_menu for UM administration
  • User Management option to automatically create user pseudos when adding a user.
  • Show difference between two RC roles.
  • Allow IP list in jail, not just one IP.
  • More fine grained locking for hashed lists - or use RCU etc. (done on some parts?)
  • Wrappers for rpm and dpkg to backup and restore attributes on package updates.
  • Solution for rsbac_list_get_all_* with very long lists (>100000 entries), e.g. allow to specify an offset.

Planned for possible future inclusion

  • Automatic secure and reliable list replication to other RSBAC systems.
  • Get Xen working with RSBAC. Add SCD:xen control for xen administration.
  • Pseudonymic remote IP addresses: When process asks for peer address, return a pseudonymic address, if enabled both for program and matching template. Provide same functionality for firewall and RSBAC logs. Useful for privacy conforming logs. Pseudonyms per byte, forward and reverse lookup tables for values.
  • JAIL FD attributes to force a jail on a program.
  • CAP learning mode for single programs.
  • Avoid requests that no module has stated any interest in. Use a request_vector_t to store the interest and a simple inline function to perform the check. Fill the vector automatically from DO_NOT_CARE results. Problem with logging, though. Does not work with RC and ACL, because they always check all requests, so maybe per-module.
  • Real model driven logging model - extend the decision return code to also signal whether this module requests logging. Still, we could use the object based logging rules for other targets than FD, DEV and NETOBJ. Note that these rules can also suppress logging - the decision extension could only request logging.
  • Per RC role and type ADF debug mode
  • New rsbac_ipc_menu in admin tools for IPC administration
  • AUTH daemon for backwards compatible and network based authentication enforcement.
  • Make secure delete on journalled filesystems (at least ext3) more reliable, e.g. hook into the block deallocation code. Might need a new mount option for ext3 etc.
  • ACLs for ACL groups.
  • Programs as ACL subjects, e.g. assign ACL program IDs to program files and use them in ACL entries.
  • Full support for IPv6 in Network Templates and network/firewall administration.
  • IPv6 support in JAIL module.
  • ACL learning mode for RC roles and other target types.
  • ACL support in Samba.
  • Object history list in rsbac_fd_menus.
  • Mount options rc_type_fd=<n> (might be others if necessary) to override fd rc types on mounted fs. We need to make sure it is secure, maybe with secoff involved in decision.
  • Tool to see all RSBAC managed properties applied to one object.
  • RC ttl setting in menus (already displayed, but setting is a bit tricky).

Planned once we finished building a human cloning machine

  • RBAC model as runtime registration module.
  • SELinux model as runtime registration module.
  • Helper script to load existing SELinux configs into the SELinux module.
  • Make ACL learning mode be triggered by user and/or role.
  • Backup optimization with per-directory reference counters, if counter == 0, skip full tree.
  • (Maybe) Exclude option in backup, maybe with regular expressions.
  • Replace values for ttl’d data, to be used after timeout.
  • Really delete lists on rsbac_list_destroy().
  • (Maybe) make AUTH cap ranges (first-from-uid, last-from-uid, first-to-uid, last-to-uid), so you can have different sets depending on the current uid.
  • Optional RC role and type hierarchy for easier organization.
  • (Maybe) add jail flags and IP FD attributes to force a jail for a program without chroot.
  • More sophisticated resource control scheme.
  • Support more network address families in templates.
  • Support more network address families with NETDEV and SCD/network/firewall.
  • PM overhaul and menus.
  • (Maybe) Install trace mode with automatic attribute restore (for software updates).
  • More learning modes etc., e.g. with automatic setup script generation.
  • (Maybe) Attribute set undo log in menus.
  • (Maybe) Attribute get log in menus.
  • Use namespaces for symlink redirection, if suitable (see http://marc.theaimsgroup.com/?l=linux-kernel&m=112689584917417&w=2).
  • Review and maybe use XACE, xorg's security extensions.
  • Everlasting: Improve documentation - there are man pages, concept and detail descriptions, how-tos, examples and other stuff missing (volunteers?)
  • Extend learning modes for automatic setup generation. AUTH learning finished in 1.2.3, simple global ACL learning, too.

See also: Bugtracker

todo.txt · Last modified: 2009/01/16 11:04 by ao