Hi,
RSBAC has been ported successfully to LTS kernel 6.6. Internal kernel
changes to the Linux caps structure required new on-disk versions of all
RSBAC lists holding cap vectors.
I took the chance to default CONFIG_RSBAC_MOVETO to yes with 6.6 and
auto-adjust RC and ACL FD lists with new versions, too. Existing WRITE
right to FD targets gets amended with MOVETO during list upgrade to
avoid unexpected behaviour.
The automatic list version upgrades mean that going back to previous
kernels might show invalid lists, you need to boot with
rsbac_list_recover kernel parameter and set cap related and RC and ACL
FD values again.
In my tests, 6.6 seems to be running pretty well, please give it a try
and report.
Amon.
--
https://www.rsbac.org
GnuPG: E25D2F7B0C561382570DB487DC2A69DA870FE7FF 2018-03-20
