RSBAC, a European security solution similar to SELinux, has released the latest stable 1.3 series. The new 1.3 release incorporates file descriptor caching, bringing the level of performance on par with other solutions. Their servers are also running mod_rsbac, an Apache module replacing SuExec without loss of performance due to forking, and with a higher level of privilege separation.
anyone else running mod_rsbac ?
I haven’t personally used it, but like SELinux I think it would be best if it _WAS_ employed everywhere. Considering the number of “How-Tos” out there that disable as one of the first things done, I doubt anyone does.