home
=>  Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

RSBAC for kernel 6.6

Thursday, 11/Jan/2024

RSBAC has been ported successfully to LTS kernel 6.6. Internal kernel changes to the Linux caps structure required new on-disk versions of all RSBAC lists holding cap vectors.

I took the chance to default CONFIG_RSBAC_MOVETO to yes with 6.6 and auto-adjust RC and ACL FD lists with new versions, too. Existing WRITE right to FD targets gets amended with MOVETO during list upgrade to avoid unexpected behaviour.

The automatic list version upgrades mean that going back to previous kernels might show invalid lists, you need to boot with rsbac_list_recover kernel parameter and set cap related and RC and ACL FD values again.

In my tests, 6.6 seems to be running pretty well, please give it a try and report. Patches are at https://download.rsbac.org/latestdiff/6.6/

RSBAC very stable with kernel 6.1

Wednesday, 04/Oct/2023

Hi folks,

just a quick note that kernel 6.1 has been running very well with RSBAC for months now, I recommend switching to 6.1.

As usual, you get all the code at https://download.rsbac.org/latestdiff/ or through Git at git.rsbac.org/, e.g. git.rsbac.org/linux-6.1.y

RSBAC 1.5.6 for kernel 6.1

Wednesday, 15/Feb/2023

Hi folks,

RSBAC has been ported to kernel 6.1 at 5.15 state. Seems to be running fine on my test system, but please test yourself and report to the mailing list or to the bug tracker.

You get all the code at https://download.rsbac.org/latestdiff/ or through Git at git.rsbac.org/, e.g. git.rsbac.org/linux-6.1.y

RSBAC has been running very well with kernel series 5.10 for a long time, so please consider 5.10 to be the best choice for now.

RSBAC 1.5.6 for kernel 5.15

Tuesday, 09/Nov/2021

Hi folks,

just a quick notice that RSBAC has been ported to kernel 5.15 at 5.10 state. Seems to be running fine on my test system, but please test yourself and report here or to the bug tracker.

In 1.5.6, found in 5.15, 5.10 and rsbac-admin Git repos, we have a new IPC target memfd, which lets memfd access be treated as IPC for easier administration.

You get all the code at https://download.rsbac.org/latestdiff/ or through Git at git.rsbac.org/, e.g. git.rsbac.org/linux-5.15.y

RSBAC has been running very well with kernel series 5.10 for a long time, so please consider 5.10 to be the best choice for now.

RSBAC for kernel 5.10

Thursday, 31/Dec/2020

RSBAC is now available for kernel 5.10. So far it seems to work fine here. Please test and report bugs to the bugtracker at https://bugtracker.rsbac.org or to this list.

As usual, you find the latest patches at https://download.rsbac.org/latestdiff/5.10/ and the Git repo at https://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-5.10.y.git;a=summary

As we are heading into 2021, we wish all of you a good and successful new year. RSBAC development will turn 25 years old in 2021, maybe a good time for some celebration and reflection.

Decision modules PAX and DAZ removed

Wednesday, 22/Apr/2020

PAX and DAZ modules have been removed in latest kernel 5.4 and rsbac-admin git repos. RSBAC version is now 1.5.5 to reflect that change.

Deprecate decision modules PAX and DAZ

Tuesday, 31/Mar/2020

PAX and DAZ support are now marked as deprecated. PaX has not been freely available for years and the Dazuko interface seems obsolete, too. For on-access malware scanning, I recommend the UDF module.

If noone protests within the next few weeks, I am going to remove the related code.

RSBAC for kernel 5.4

Wednesday, 27/Nov/2019

RSBAC has been ported to kernel 5.4. Please test and report bugs to the bugtracker at https://bugtracker.rsbac.org or to this list.

As usual, you find the latest patches at https://download.rsbac.org/latestdiff/5.4/ and the Git repo at https://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-5.4.y.git;a=summary

New DokuWiki version

Monday, 14/Jan/2019

The RSBAC Website DokuWiki version has been updated today.

Please test and report any problems!

RSBAC ported to 4.19

Tuesday, 30/Oct/2018

Latest RSBAC for kernel 4.19 is now available in Git at git://git.rsbac.org/linux-4.19.y.git

Diffs will start showing up at https://download.rsbac.org/latestdiff/ after release of 4.19.1.

Please test and report any problems!

As a side node, I will start removing old unsupported Git repositories, EOL at upstream and unchanged for > 10 months, from the server soon. Please tell me, if you still need them.

Latest RSBAC patches

Wednesday, 11/April/2018

Even though this page has not been updated for a long time, RSBAC is still under constant development and maintenance. Latest code has always been available through git.

From now on, you can also find the latest RSBAC patches for the maintained kernel versions in the latestdiff download dir.

RSBAC 1.5.0

Tuesday, 13/September/2016

RSBAC 1.5.0 has been released for kernel 4.4.20. Please drop us a note if you need support for other kernel versions.

The most important changes since 1.4.9 are the port to longterm kernel 4.4 and the new feature “Prevent memory write and execute (RSBAC mprotect)” to prevent against process memory segments being both writable and executable. This new hardening feature made me choose a new middle version number.

The change lists are here: Kernel changes: http://www.rsbac.org/dl.php?file=code/1.5.0/changes-1.5.0.txt

Admin tools changes: http://www.rsbac.org/dl.php?file=code/1.5.0/admin-changes-1.5.0.txt

Please consider giving some feedback on the RSBAC mailing list.

//
home.txt · Last modified: 2024/01/11 09:51 by ao

home.txt · Last modified: 2024/01/11 09:51 by ao
This website is kindly hosted by m-privacy