todo
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
todo [2009/09/30 22:52] 127.0.0.1 (old revision restored) |
todo [2009/10/12 12:15] 127.0.0.1 (old revision restored) |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| The RSBAC development team.// | The RSBAC development team.// | ||
| + | |||
| + | === Done in svn === | ||
| + | |||
| + | * CAP and RC learning modes with global activation | ||
| + | * Learn into transactions | ||
| === Planned for the next release 1.5 === | === Planned for the next release 1.5 === | ||
| Line 10: | Line 15: | ||
| * CAP learning mode for single programs. (possibly 1.4 feature) | * CAP learning mode for single programs. (possibly 1.4 feature) | ||
| * Persistent transactions, preserved between reboots. | * Persistent transactions, preserved between reboots. | ||
| - | * RC learning mode - per subject, with object types already set before learning. Learn only access rights. Use transactions for saving learning informations. Compare policy before and after learning. | + | * RC learning mode - per role, with object types already set before learning. Learn only access rights. Use transactions for saving learning informations. Compare policy before and after learning. |
| * Per-target log settings for USER, GROUP, SCD, using log_array_low and log_array_high like for FD, DEV, NETOBJ. | * Per-target log settings for USER, GROUP, SCD, using log_array_low and log_array_high like for FD, DEV, NETOBJ. | ||
| * Real model driven logging model - extend the decision return code to also signal whether this module requests logging. Still, we could use the object based logging rules for other targets than FD, DEV and NETOBJ. Note that these rules can also suppress logging - the decision extension could only request logging. (make possible to implement all audit policies in official and bussines use) | * Real model driven logging model - extend the decision return code to also signal whether this module requests logging. Still, we could use the object based logging rules for other targets than FD, DEV and NETOBJ. Note that these rules can also suppress logging - the decision extension could only request logging. (make possible to implement all audit policies in official and bussines use) | ||
| Line 18: | Line 23: | ||
| * Include patches for standard system tools like ps,top,ls. | * Include patches for standard system tools like ps,top,ls. | ||
| * (maybe - michal) Implement RSBAC in Xen hypervisor for inter-domain access control. There is actualy less to be done than for linux - not so many requests and interceptions. That would allow RSBAC to control how Xen domains can communicate with each other, possibly securing virtual machines against unknown vulnerabilities in Xen (that would normaly allow guests to break out from Xen and reach physical machine). | * (maybe - michal) Implement RSBAC in Xen hypervisor for inter-domain access control. There is actualy less to be done than for linux - not so many requests and interceptions. That would allow RSBAC to control how Xen domains can communicate with each other, possibly securing virtual machines against unknown vulnerabilities in Xen (that would normaly allow guests to break out from Xen and reach physical machine). | ||
| + | * Wrappers for rpm and dpkg to backup and restore attributes on package updates. | ||
| === After 1.5 === | === After 1.5 === | ||
| Line 28: | Line 34: | ||
| * ACL learning mode for RC roles and other target types. | * ACL learning mode for RC roles and other target types. | ||
| * Tool to see all RSBAC managed properties applied to one object. | * Tool to see all RSBAC managed properties applied to one object. | ||
| - | * More fine grained locking for hashed lists - or use RCU etc. (done on some parts?) | ||
| - | * Wrappers for rpm and dpkg to backup and restore attributes on package updates. | ||
| * Solution for rsbac_list_get_all_* with very long lists (>100000 entries), e.g. allow to specify an offset. | * Solution for rsbac_list_get_all_* with very long lists (>100000 entries), e.g. allow to specify an offset. | ||
todo.txt · Last modified: 2011/08/11 12:21 by 127.0.0.1