Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Compact way of setting rsbac boot parameters
Recently a new way of setting rsbac boot parameters has been added. To avoid very long boot loader command lines, you can now pass a numerical argument, calculated according to the attached table.
| Boot parameter | Numerical value |
|---|---|
| rsbac_softmode | 1 |
| rsbac_softmode_once | 2 |
| rsbac_softmode_never | 4 |
| rsbac_softmode_freeze | 8 |
| rsbac_um_no_excl | 16 |
| rsbac_auth_learn | 32 |
| rsbac_acl_learn_fd | 64 |
| rsbac_cap_log_missing | 128 |
| rsbac_jail_log_missing | 256 |
| rsbac_dac_disable | 512 |
| rsbac_no_delay_init | 1024 |
| rsbac_no_defaults | 2048 |
| rsbac_nosyslog | 4096 |
| rsbac_cap_process_hiding | 8192 |
As you can see, these are just a power of two, the most simple yet powerful encoding scheme.
Example:
Say you would like to have rsbac_nosyslog, rsbac_cap_process_hiding, rsbac_cap_log_missing, rsbac_jail_log_missing set on every boot (actually it comes from my machines). To achieve this in a traditional way, a very long boot parameter line would have to be used - and remember, it cannot be of arbitrary sizes, it is limited (to 1024 bytes, from what I remember).
With the numerical encoding scheme you just calculate 4096+8192+128+256 = 12672 and write:
rsbac_flags = 12672
as the kernel command line. That's it, compact and elegant.