RSBAC FAQ
Permission revocation is sometimes considered part of every MAC system. We do not implement support for revocation, for a number of reasons. What we do instead of revocation is fine-grained access control. For example, a file stays open, but you cannot read or write it any more. Implementing revocation would also be a very ugly thing and could harm data consistency.
We try to deal with covert channels as much as possible, even though there will always be some left to find. It is more work than a MAC system alone: it would require rewriting large parts of the operating system and, for better results, even preparing ready-to-use machines (a selected OS plus improvements on specific hardware). The problem is that covert channels are every possible path over which uncontrolled information might be passed. Although we control IPC and similar mechanisms, covert channels are hardly possible to avoid: think about limiting the transmission rate as a way to pass information, timing attacks…
No, once you are logged in and the TTL runs out, you won't be disconnected. The login application (be it /sbin/login or sshd) just will not be allowed to setuid(gid) to the subject uid any more, hence that user won't be able to log in.
Access will be denied immediately. What happens next depends on which right is being denied. Say, when a READ right times out on a FILE target, one won't be able to read from the file any more. See also the question about permission revocation.
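The behaviour described in the revocation and TTL answers above, as an added example that is not RSBAC code: the first function shows that stock Unix mode bits are only checked at open(), the rest is a toy model in which every read is decided again and a READ right carries a TTL. `Monitor`, `OpenFile`, the subject `alice` and the file path are hypothetical names made up for this sketch.

```python
import os
import tempfile

def dac_read_after_chmod():
    """Stock Unix DAC: the mode bits are checked at open(), not at read()."""
    with tempfile.NamedTemporaryFile() as f:
        f.write(b"constructed sample")
        f.flush()
        fd = os.open(f.name, os.O_RDONLY)
        os.chmod(f.name, 0)          # drop every permission bit after the open
        data = os.read(fd, 64)       # the already open descriptor still reads
        os.close(fd)
    return data

class Monitor:
    """Toy per-request decision model (hypothetical, not RSBAC's API)."""
    def __init__(self, clock):
        self.clock, self.expiry = clock, {}   # (subject, target, right) -> expiry

    def grant(self, subject, target, right, ttl=float("inf")):
        self.expiry[(subject, target, right)] = self.clock() + ttl

    def allowed(self, subject, target, right):
        return self.clock() < self.expiry.get((subject, target, right), float("-inf"))

class OpenFile:
    """A handle that stays open while each read is decided again."""
    def __init__(self, monitor, subject, target, data):
        self.monitor, self.subject, self.target = monitor, subject, target
        self.data, self.closed = data, False

    def read(self):
        if not self.monitor.allowed(self.subject, self.target, "READ"):
            raise PermissionError("READ denied; handle remains open")
        return self.data

def ttl_demo():
    now = [0.0]                      # fake clock keeps the example deterministic
    mon = Monitor(clock=lambda: now[0])
    mon.grant("alice", "/constructed/file", "READ", ttl=10)
    f = OpenFile(mon, "alice", "/constructed/file", b"payload")
    first = f.read()
    now[0] = 11.0                    # the TTL on the READ right has run out
    try:
        f.read()
        denied = False
    except PermissionError:
        denied = True
    return first, denied, f.closed   # (b"payload", True, False)
```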
Make sure you have the dialog package installed from your distribution.
The dialog tool is known to have broken the original support for this feature. You can use a version supporting this feature here:
Make sure RSBAC libs are installed. If you installed manually, they are probably in /usr/local/lib.
On some Linux distributions, this path is not in the default settings. Edit “/etc/ld.so.conf” and add a line “/usr/local/lib”, then save and run the “ldconfig” command.
Look at RSBAC + Virtualization systems