> Remember that RSBAC does not work with PaX on a recent kernels. If you
> really want more security with Linux, PaX is the first and the most
> important thing you should consider. It aims to prevent exploits from
> working, while MAC/RBAC/RSBAC fights the consequences in userspace and
> does little to protect against the kernel exploits.

RSBAC with PaX works with new kernels, you can patch it yourself or
you can download one kernel that is already patched from
http://enhanced.rsbac.org/2.6/2.6.31/.

> A server without PaX is barely a better choice.

The same as before, PaX runs with rsbac in new kernels