Sophie


rsbac-admin-1.4.2-4mdv2010.0.i586.rpm

RSBAC Changes in recent versions
--------------------------------
1.4.1:
	- Support NETLINK protocol ANY to match any proto.
	- Various fixes in menus (thanks zbyniu)
	- Do not backup SCD names.
	- Append cross-referenced per-type list of role rights to rc_get_item htmlprint.
	- Fix rc_get_item -0 backup: Really print lines without rights.
	- Start RBAC REG sample - going to be an RBAC standard model implementation.
	- Add SCD target videomem.
1.4.0:
	- Added support for VUM.
	- PAM module no longer sends a "User not authenticated" message if authentication failed (to match other PAM modules' behavior).
	- Made the PAM password prompt standard; it can be set to RSBAC's custom prompt only if the user wants it.
	- OTP support for UM.
	- rsbac_useradd -K to copy a user with password.
	Upports from 1.3:
	- Autodetect if architecture is x86_64, in which case LIBDIR becomes /lib64 by default. (User setting still can override this).
	- Removed the IPC menu call from rsbac_process_menu.
	- Updated REG samples to be on par with the kernel.
	- Added missing request to group request groups.
1.3.5:
	- Libs install again in /usr. Distros will have to link and move files around. Sorry FHS, libtool doesn't like you :)
	- Add tools version strings to rsbac_version output.
1.3.4:
	- rsbac_version missing in rsbac-admin debian package
	- Fix user attribute backup and menu for cap_ld_env.
	- Fix UM password backup output with rsbac_usershow -b -p
	- Uniformized library directory with the LIBDIR variable (make LIBDIR=/lib64 e.g.)
	  Old variables are still functional but are deprecated.
	- Libraries install to /lib by default (especially for UM)
	  Feel free to change to /usr if you aren't using UM or anything in RSBAC that must run at boot time
1.3.3:
	- English spelling
	- libtool fixes
	- mo files were not generated from target 'all', installation would fail in some cases
1.3.2:
	- Fixed name typo USER=>GROUP in rc_get_item, see issue #84
1.3.1:
	- Rewrote the way rsbac_jail enters a new namespace. Now it works like it should.

1.3.0:
	- Correct right detection for check list menus.
	- Support role password. Support request type AUTHENTICATE.
	- Add rsbac_version tool to get tools and kernel version.
	- Fix sorting of RC roles in backup.
	- Allow to specify an additional title for rc_get_item htmlprint.
	- Mark invalid rights in "rc_get_item htmlprint" in dark brown.
	- Support cap_ld_env in attr_back_fd.
	- Sort rc_get_item output.
	- Removed custom _syscall* functions; you now need glibc 2.1+ or uclibc or something that has fPIC-aware syscall functions.
	- Include sys/types.h + asm/types.h instead of linux/types.h for userlan
	- Added a global uninstall target.
	- Small reformatting. Do not show -U option in rsbac_jail help.
	- Explicitly sets HOME SHELL PATH LOGNAME env vars (the whole env being cleared or not).
	- Echoes "Login incorrect" even if the user does not exist (no information leak).
	- Preserve TERM env variable in all cases.
	- New JAIL parameter -N, for enclosing jailed process in its private namespace.
	- Add -i option to attr_get_ipc to list all ipcs with non-default attributes
	- Change network template tool net_temp to support multiple INET addresses and port ranges, remove UNIX address support.
	- Add flag -A to net_temp to add new addresses or ports instead of replacing the old list.

1.2.5:
        - New make based build system.
        - Add attr_{get|set|back}_group, rsbac_group_menu
        - Make all tools print help screen with -h
	- rsbac_list_ta can now prompt for a password.
	- Tools now attempt to lock passwords into physical memory.
	- New rsbac_auth tool for Squid.
        - Fix RSBAC NSS lib bug related to additional user groups (e.g. id -G
          <user> crashes with segmentation fault).

1.2.4:  - Add user management tools with all {user|group}{add|mod|del}
          functionality
        - Add GROUP target to tools
        - Add PAM and NSSwitch modules to access the new user management
          to contrib dir
        - Cross linked HTML output in rc_get_item htmlprint.
        - Add rsbac_list_ta tool for transaction support for administration:
          begin, add a set of desired changes, commit atomically or forget.
          Change all existing tools to use transaction numbers.
        - Correct role and type values in rc_getname item parameters.
        - Add rc_copy_type
        - Add RC type copying to rsbac_rc_type_menu
        - Add PaX default value switch to attr_back_fd, because PaX defaults
          are now configurable.

1.2.3:  - Made librsbac.a a dynamic lib librsbac.so with version numbers
        - Added PaX module support
        - Added support for new attributes
        - RC pretty-print config output with rc_get_item print
        - Reject unknown usernames in all tools instead of using numerical
          value 0.
        - Fix admin tools segfault when using -V without parameter
        - New rc_get_current_role
        - New mac_set_trusted tool for mac_trusted_for_user with list instead
          of single user.
        - Change rsbac_jail syntax to make chroot() and IP address optional
        - New optional rsbac_jail parameter max_caps, which limits the Linux
          capabilities of all processes in the jail
        - New JAIL module regression suite in contrib
        - Added backup of RES user settings
  
1.2.2:  - Added MS need_scan attribute
        - Syscall version numbers
        - New attributes for RES module
        - rsbac_init tool for delayed init
        - New AUTH caps for eff/fd owner in FD menu
        - MAC wrap and attribute changes for new MAC implementation
        - New system role Auditor in user menu

1.2.1:  - Removed target type checks, which are now all in kernel (including
          FD target type).
        - Added recursion support for attr_back_dev.
        - Added JAIL module support
        - Added logging of all RSBAC setting modifications through menus
          (RSBACLOGFILE setting)

1.2.0:  - Added module parameter to all rsbac_get/set_attr calls
        - Updated user menu to use new mac_role etc. instead of system_role
        - Added min/max_cap attributes
        - Changed RC menus to support unlimited roles and types and 32 Bit
          values
        - Added rsbac_dialog, a copy of standard dialog with several
          enhancements (like --menu3 with help button)
        - Changed menus and tools to support new NET targets
        - Added help to all menus
        - Added network and network template menus
        - Added ttl support to ACL tools and menus
        - Added ttl support in RC tools
	- Updated rsbac_dialog and moved to subdir (Thanks to Stanislav again)

1.1.2:  - Changed build process to autoconf/automake (Stanislav Ievlev)
        - Added dialog tool check to menus
        - Added SYMLINK target support to most tools and menus
        - Got REG samples moved from kernel part to examples/reg
        - Removed write_list feature from rsbac_pm
        - added rc_initial_role to FD tools
        - added ff_flag append_only
        - changed tmp file allocation to mktemp
        - added contrib/rsu (RC role-su) by Stanislav Ievlev
        - added linux2acl, a Linux rights to ACL converter
        - attr_back_fd now supports MAC with and without def_inherit

1.1.1:  - Support for FIFO targets added
        - Internationalization added for command line tools, languages ru
          and de
        - attr_[gs]et_fd now support FD target
        - *_back_* now need a switch for *not* writing to stdout

1.1.0:  - 'copy rights to type' added to rc_set_item and rsbac_rc_role_menu

1.0.9c: - acl_rm_user added
        - file/dir selection changed in menus
        - examples/backup_all added
        - new rsbac-klogd

1.0.9b: - Support for 32 Bit Uids/Gids
        - Support for new attributes log_program_based and log_user_based
        - Support for AUTH cap ranges
        - Support for new MAC security levels 0-252
        - Removed obsolete useraci file installation
        - Russian menus and man pages added
          (thanks to our Russian team, see rus/README)

1.0.9a: - Added acl_group for full ACL group administration
        - Updated and changed RC tools for new separation of duty
        - Added ACL menu tools, with necessary additions to command
          line tools
        - Updated menus for new RC force role inherit_up_mixed

1.0.9:  - Added support for long file/dir names and for those with spaces
          to rsbac_fd_menu
        - Changed rc_get_item, rc_set_item and rsbac_rc_role_menu to
          support the changed RC model. The new model distinguishes
          between all requests for role to type compatibility, allowing
          for much finer security settings.
        - Added acl_rights, acl_tlists, acl_grant and acl_mask for
          complete ACL model administration

1.0.8:  - Added RC attributes
        - Wrote RC admin tools: rc_copy_role, rc_get_item, rc_set_item,
          rc_role_wrap
        - Wrote rsbac_rc_role_menu and rsbac_rc_type_menu
        - Added AUTH attributes to file/dir and process tools
        - Wrote AUTH admin tools auth_set_cap and auth_back_cap
        - Added MAC category support to most tools and to most menus
        - Wrote mac_wrap_cat, a simple category wrapper similar to
          mac_wrap for security levels.
        - Made tools compliant to glibc

1.0.7a: - Added recursion to attr_set_fd
        - Added recursive attr_rm_fd and attr_rm_file_dir to reset all
          attribute values to defaults for a target by removing the list
          entry.
        - Added resetting to rsbac_fd_menu

1.0.7:  - Added inherit values to security_level, object_category and
          data_type in rsbac_fd_menu
        - Added menu item to change between effective and real attribute
          values
        - Added support for different screen sizes - if LINES and COLUMNS
          are exported from bash (e.g. in /etc/profile)

1.0.6:  - Changed rsbac_fd_menu and rsbac_process_menu to tristate
          ms_trusted
        - Added attribute ff_flags with bit values to rsbac_fd_menu
        - Added rsbac_check to call sys_rsbac_check(), which checks
          attribute consistency

1.0.5:  - rsbac_write added to call sys_rsbac_write = save attributes now
        - mac_wrap added to start a program with changed maximum security
          level (not the process owner's), e.g. from inetd
        - user_aci.sh added to set default roles with maintenance kernel

1.0.4:  - Attributes mac_trusted_for_user, ms_sock_trusted_tcp/udp added to
          FILE utils
        - Attributes ms_sock_trusted_tcp/udp added to process utils
        - Attributes ms_trusted, ms_sockbuf, ms_str_nr, ms_str_offset,
          ms_scanned added to ipc utils
        - Attribute object_type removed from ipc utils, as in kernel - was
          IPC all the time anyway
        - Adjusted syscall return value interpretation to 2.1 kernels

1.0.3:  - Target DEV added to file/dir utilities. rsbac_dev_menu added.
          Now devices can get their own attributes based
          on major/minor numbers, not only based on their file representations
          in /dev, which can be easily duplicated.
        - Attribute object_type removed from rsbac_fd_menu, was not used anyway
          and removed in rsbac/kernel.
        - attr_back_fd added. (Recursive) backup of all attribute values for
          those files/dirs given in command line. Only non-default values are
          saved. Output script file contains all attr_set_file_dir calls needed
          to restore.
        - Similar attr_back_user and attr_back_dev added.
        - Attributes log_array_low and log_array_high added to file/dir/dev
          utils.
        - Administration menu for (file/dir/dev X request) log levels
          added to rsbac_fd_menu and rsbac_dev_menu.
        - Command line utils also got log_level special options.

20/Apr/2001
Amon Ott <ao@rsbac.org>