Does ASL fully support RBAC and Gradm? At the moment RBAC is disabled. Do you have any advise about using it with ASL? Shall we keep it disabled or could use it's features?
Yes its fully supported. The best way to use it is to generate a least privilige policy for your system in learning mode. The process for doing that is documented here:http://en.wikibooks.org/wiki/Grsecurity ... rning_Mode
From there, you will need to tune the policy a little further based on your needs. This will generate a very tight policy, which in practice is a bit too tight for a shared hosting system, so if you are doing shared hosting you'll need to loosen up the policy.