=>  Releases

Current version
Git/Snapshot: 1.5.3
Release: 1.5.0

Latest Snapshots
Produced after each commit or rebase to new upstream version

RSBAC source code, can be unstable sometimes

=>  Events

No events planned

OpenSource patches

Thursday, 3/Dec/2009

m-privacy GmbH, the main company funding RSBAC development has opened a new open source website, containing patches and packages for various projects, which you might find interesting.

Specially, you can currently find a few security related patches:

  • Bind9: Disable forwarding for TXT records (against DNS tunneling)
  • OpenSSH: Control access for port forwarding only to specific hosts and ports
  • TigerVNC: Enforce configuration parameters, TLS support
RSBAC 1.4.3

Friday, 27/Nov/2009

RSBAC 1.4.3 has been released for kernel

This release focus on adding new learning mode for the RC and CAP modules. We hope you will enjoy it!

Most Important changes since 1.4.2:

  • Make RCU rate limit boot and runtime configurable
  • Move AUTH auth_program_file kernel-only attribute to GEN program_file
  • Implement CAP learning mode for user and program max_caps
  • Add global RC learning mode for role rights to types
  • Optionally put learning mode results into transactions, one per module
  • Show program path in AUTH learning messages
  • Allow SCD mlock in PM
  • New kernel config RSBAC_SWITCH_BOOT_OFF: ‘Allow to switch modules off with kernel parameter’
  • Show transaction number in learning info messages.
  • Add transaction names for human use and set names for learn transactions.
  • Use -I to backup extra groups in rsbac_usershow backup mode.
  • New rsbac_usermod parameter -I to set a list of extra groups.
  • Add rsbac_usershow -r parameter to add -r to rsbac_useradd in backup mode.
  • Add rsbac_useradd -r and -R parameters to (un)conditionally replace existing.
  • And of course, many bug fixes

The complete lists are available here:



Upgrading from 1.3 or 1.4.x is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

2.6.31 kernel patch update

Tuesday, 15/Sep/2009

RSBAC 1.4.2 kernel patches and tarballs have been updated to support the latest kernel, 2.6.31. Please note that the common code has been moved to kernel-specific directories since there has been a change to support kernel 2.6.31. kernel patch update

Tuesday, 8/Sep/2009

RSBAC 1.4.2 kernel patches have been updated to support the latest kernel without additional hand patching, for The complete kernel tarballs have also been updated.

Patches, mod_rsbac updates, forum

Tuesday, 16/June/2009

RSBAC 1.4.2 kernel patches have been updated to support the latest kernel, 2.6.30.

mod_rsbac SVN has also been updated, fixing a long standing race condition (albeit not a security issue), that could be triggered when an Apache worker would serve many files in a short amount of time.

mod_rsbac is used in production on rsbac.org and several other web servers.

Finally, we’re happy to announce that we now have a dedicated forum which you’re welcome to use for discussion and questions. Remember that we also have a mailing-list and and irc channel (See: the contact page).

Thanks to Paul D. Robertson for setting up and managing the RSBAC forum.

RSBAC 1.4.2

Friday, 15/May/2009

RSBAC 1.4.2 has been released for kernel We expect a significant speedup and even better SMP scalability from the new RCU based list locking.

There will be no more releases for 2.4 kernels, because new features like RCU require 2.6. Still, 1.4.1 for 2.4.37 is very stable and has no known bugs. Please keep using 1.4.1 for 2.4 like we do. The svn trunk for 2.4 will stay maintained for a while.

Most Important changes since 1.4.0 (somehow we skipped the 1.4.1 announcement):

  • Change generic lists to use RCU instead of rw spinlocks
  • New SCD target videomem on x86 arch to distinguish between video and other kernel memory (SCD kmem) access
  • New config option RSBAC_ENFORCE_CLOSE to really deny close, if decided
  • Check protocol in NETLINK network templates when matching
  • Upgrade to 2.6.29.x, tons of kernel internal API changes again as usual
  • Many small bugfixes

Upgrading from 1.3 or 1.4.x is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

RSBAC 1.4.0

Thursday, 15/January/2009

RSBAC 1.4.0 has been released for kernels 2.4.37 and (Full announcement)

Most Important changes since 1.3 series:

Upgrading from 1.3 is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

RSBAC 1.4.0-rc3

Monday, 10/November/2008

RSBAC 1.4.0-rc3 has been released for kernels 2.4.36 and 2.6.27. (Full announcement)

  • New interception review
  • Splitted 2.4 and 2.6 common code
  • Automount support converted for vfsmount usage
  • Long username support in VUM
  • Many bugs fixed

Please note that we plan to release this last candidate as 1.4.0, so please test it as much as possible, thanks!

You can get it at the usual location.


home.txt · Last modified: 2013/09/02 00:07 by tazok
This website is kindly hosted by m-privacy