2.5. RSBAC Requests

A request is an abstraction for an action that a subject wants to perform on an object. A request can be valid for many object classes. For example, READ_OPEN is a valid request for the object classes (target types) FILE, FIFO, DEV and IPC. Let's assume a process wants to use shared memory. To gain access, the process issues the system call 'shmat()'. In RSBAC terminology this is "a READ_OPEN request on a target type IPC". The same request could be made on a target type FILE; in that case the AEF will probably have intercepted the system call 'open()'.
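As an added illustration (not part of the original text and not RSBAC code), the C program below performs a read-only open on each target type the paragraph lists for READ_OPEN: FILE, FIFO and DEV through open(), and IPC through a read-only shmat(). The function names and the fstat()-based classification are assumptions made for this example; the real decision is taken inside the kernel.

```c
#define _DEFAULT_SOURCE /* user-space illustration only; not RSBAC kernel code */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: RSBAC target type an open descriptor corresponds to. */
static const char *target_of_fd(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return "UNKNOWN";
    if (S_ISREG(st.st_mode)) return "FILE";
    if (S_ISFIFO(st.st_mode)) return "FIFO";
    if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) return "DEV";
    return "UNKNOWN";
}

/* open() for reading: READ_OPEN on FILE, FIFO or DEV, depending on the path. */
const char *read_open_path(const char *path)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* NONBLOCK: FIFO needs no writer */
    if (fd < 0) return "FAILED";
    const char *target = target_of_fd(fd);
    close(fd);
    return target;
}

/* Read-only shmat(): the text's "READ_OPEN request on a target type IPC". */
const char *read_open_shm(void)
{
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600);
    if (id < 0) return "FAILED";
    void *addr = shmat(id, NULL, SHM_RDONLY);
    shmctl(id, IPC_RMID, NULL); /* segment disappears after the last detach */
    if (addr == (void *)-1) return "FAILED";
    shmdt(addr);
    return "IPC";
}

int main(void)
{
    printf("open(/dev/null)   -> READ_OPEN on %s\n", read_open_path("/dev/null"));
    printf("open(/etc/passwd) -> READ_OPEN on %s\n", read_open_path("/etc/passwd"));
    printf("shmat()           -> READ_OPEN on %s\n", read_open_shm());
    return 0;
}
```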

After installation of RSBAC, the file /usr/src/linux/Documentation/rsbac/html/targetsrequests.htm will be present. It contains the detailed list of all intercepted system calls and the related object classes. For now I will give just a few examples of requests issued for system calls intercepted by RSBAC:

CHANGE_OWNER: set UID on this object
DELETE: remove this object
READ_OPEN: open this object for reading
SEND_SIGNAL: send a signal to this object
CLONE: fork a process
LINK_HARD: make a hard link
MOUNT: mount a device on a directory
REMOVE_FROM_KERNEL: remove a module from the kernel