A request is an abstraction for an action that a subject wants to
perform on an object. A request can be valid within many object
classes. For example, READ_OPEN is a valid request for the object
classes (target types) FILE, FIFO, DEV and IPC. Let's assume a
process wants to use shared memory. To gain access, the process
issues the system call 'shmat()'. Using the RSBAC terminology, we
would say this is "a READ_OPEN request on a target type IPC". We
could request the same on a target type FILE; in that case the AEF
will probably have intercepted the system call 'open()'.
After installation of RSBAC, the file /usr/src/linux/Documentation/rsbac/html/targetsrequests.htm will be present. It contains the detailed list of all intercepted system calls and the related object classes. For now I will give just a few examples of system calls intercepted by RSBAC:
| CHANGE_OWNER: set UID on this object |
| DELETE: remove this object |
| READ_OPEN: open this object for reading |
| SEND_SIGNAL: send a signal to this object |
| CLONE: fork a process |
| LINK_HARD: make a hard link |
| MOUNT: mount a device on a directory |
| REMOVE_FROM_KERNEL: remove a module from the kernel |