From Gentoo Wiki
Jump to:navigation Jump to:search
Description This project manages the RSBAC support within Gentoo. This includes providing kernels with RSBAC support (loosely based on the hardened-sources), administration utilities to manage and write strong Gentoo-specific policies.
Project email
IRC channel #gentoo-hardened (webchat)
No lead election date set
(and inherited member(s))
Parent Project Hardened
Project listing

This project is dead

"This project is dead." source: bug #627646 The last member in this project is in retirement bug #277707

Old content

RSBAC is Mandatory Access Control security system based on the GFAC framework logic. It includes standard models, like the Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system.

Currently we are mostly targeting servers, but desktops will also be supported in the future. The required tool for the policies is still being developed.

What is RSBAC?

RSBAC (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses several well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailed overview.

However, RSBAC itself is not a complete security solution by itself: it only gives the possibility of applying security models. Fortunately, it works well with other Hardened projects to bring you a complete solution.

Planned subprojects

The RSBAC project has the following sub-projects planned:

Project Description
Base Policy RSBAC policy for the core system, including users, administrators, and daemons in the system profile.
Desktop RSBAC support on desktops.


Resources offered by the RSBAC project are:

How do I use this?

RSBAC can be installed new on a system by following the appropriate install guide (listed above) for the system architecture. If there is not an install guide for architecture yet, it is still possible to install by following the Gentoo Handbook. When the system is installed, convert it to RSBAC by using the Quickstart Guide. It is suggested that you use the Hardened profile or use "hardened pie" as system USE flags during this installation.

Converting a preexisting Gentoo installation to RSBAC can be done by following the Quickstart Guide.


To participate in the RSBAC project first join the mailing list at Then ask if there are plans to support something that you are interested in, propose a new sub-project that you are interested in or choose one of the planned sub-projects to work on. You may talk to the developers and users in the IRC channel #gentoo-hardened (webchat) on Libera.Chat for more information or just to chat about the project or any sub-projects. If you don't have the ability to actively help by contributing work we will always need testers to use and audit the RSBAC policies. All development, testing, and productive comments and feedback is greatly appreciated.