Targets and Requests

RSBAC restricts access by subjects to objects. The subjects are always processes, acting on behalf of a user with certain attributes, such as system_role.

Targets

Objects in RSBAC are called (Access) Targets. They are grouped in Target Types. The following types are defined:

| Type | Description |
|------|-------------|
| FILE | Files, including device special files. Identified by device and inode number. |
| DIR | Directories, identified by device and inode number. |
| FIFO | FIFO special files |
| DEV | Devices, identified by type (char or block), major and minor number |
| IPC | InterProcess Communication: Semaphores (sem), Messages (msg), Shared Memory (shm), Sockets (sock) |
| UNIXSOCK | Unix sockets |
| SCD | System Control Data: Objects affecting the whole system. This target type is the only one with a fixed number of objects, identified by number (see below). |
| USER | Users as objects, mostly for access control information (ACI). |
| PROCESS | Processes as objects. |
| NETDEV | Network Device, identified by name. |
| NETTEMP | Network Template, identified by index number. Access control: access to template itself, RC Administration: access to values/settings for both template and NETOBJ, ACL administration: Default ACLs for NETOBJ |
| NETOBJ | Network Object, identified by internal pointer to struct socket. Attribute values mostly inherited from NETTEMP settings. |
| NETTEMP_NT | ACL administration only, ACL entries for NETTEMP objects themselves. |
| NONE | No object associated with this request. In some models (RC, ACL) this is internally changed into SCD target "other". |
| FD | (Only in tools for convenience, not a real Target): Let the command line tool decide between types FILE and DIR |

System Control Data (SCD) targets are these:

| Name | Description |
|------|-------------|
| time_strucs | System timer |
| clock | System time and date |
| host_id | Host name |
| net_id | Domain name |
| ioports | Access Control for direct hardware access |
| rlimit | Setting process resource limits |
| swap | Control of swapping |
| syslog | System log |
| rsbac | RSBAC data in /proc |
| rsbaclog | RSBAC own log |
| kmem | Direct access to kernel memory via proc or device |
| other | Any other SCD not specified separately, otherwise only internal in RC and ACL: Substitute for target NONE (sysctl administration) |
| network | General networking, like routing, arp etc. (Devices are protected as NETDEV targets!) |
| firewall | Firewall settings, packet filter etc. |
| priority | Set scheduler priority (nice value) |
| sysfs | Administrate through sysfs |
| rsbac_remote_log | Settings for RSBAC remote logging |
| quota | Quota administration |
| sysctl | Administrate through sysctl |
| nfsd | Kernel NFS server administration |
| ksyms | Kernel symbols |
| mlock | Memory locking |
| capability | Change Linux capabilities |
| auth_administration | (only in RC and ACL): AUTH model administration |

Requests

Before access to a target is granted, a request call to the Access Control Decision facility (ADF) is performed. Based on the request type and the target, access can be granted or denied.

RSBAC requests and the system calls they are issued from are listed in the following table. Please note that some requests are only issued under certain conditions, e.g. EXECUTE from mmap() only if the mapping request is for EXEC mode. Also, some calls depend on the kernel configuration settings, e.g. RSBAC net support.

Some calls are done from common helper functions, e.g. do_fork(). Those functions that also perform the rsbac_adf_set_attr() notification call for the request are marked with an *.

Additionally, some requests provide extra data with kernel internal attribute types.
These attributes are:

A_group, A_sockaddr_p, A_signal, A_mode, A_nlink, A_switch_target, A_mod_name, A_request, A_ms_segment, A_trace_request, A_auth_add_f_cap, A_auth_remove_f_cap, A_auth_get_caplist, A_prot_bits.

Please have a look into include/rsbac/types.h for the respective data types.

| Request | Description | Valid Target Types | System calls and functions |
|---------|-------------|--------------------|----------------------------|
| ADD_TO_KERNEL | Add a kernel module | DEV, FILE, NONE | swapon(DEV,FILE); create_module(NONE); init_module(NONE) |
| ALTER | Change IPC control information | IPC | msgctl(IPC); shmctl(IPC) |
| APPEND_OPEN | Open to append | FILE, DEV, IPC, FIFO, UNIXSOCK | open(FILE,DEV)*; msgsnd(IPC)*; sendto(IPC)*; sendmsg(IPC)* |
| CHANGE_GROUP | Change active group | FILE, DIR, FIFO, SYMLINK, UNIXSOCK, IPC, PROCESS, USER, NONE | setgid(PROC); setregid(PROC); setresgid(PROC); setgroups(PROC); setfsgid(NONE) (for DAC only); shmctl(IPC); msgctl(IPC) |
| CHANGE_OWNER | Change owner | FILE, DIR, FIFO, IPC, PROCESS, SYMLINK, NONE | chown(FILE, DIR, FIFO); lchown(FILE, DIR, FIFO); fchown(FILE, DIR, FIFO); setuid(PROC)*; setreuid(PROC)*; setresuid(PROC)*; setfsuid(NONE) (for DAC only); shmctl(IPC); msgctl(IPC) |
| CHANGE_DAC_EFF_OWNER | Change effective owner | PROCESS | sys_setreuid(PROCESS); sys_setuid(PROCESS); sys_setresuid(PROCESS) |
| CHANGE_DAC_FS_OWNER | Change file system userid | PROCESS | sys_setreuid(PROCESS); sys_setuid(PROCESS); sys_setresuid(PROCESS); sys_setfsuid(PROCESS) |
| CHDIR | Change working directory | DIR | chdir(DIR); fchdir(DIR); chroot(DIR) |
| CLONE | Fork/clone a process | PROCESS | fork(PROC)*; vfork(PROC)*; clone(PROC)* |
| CLOSE | Close opened file etc. Should always be granted. | FILE, DIR, FIFO, DEV, IPC, UNIXSOCK, NETOBJ(local) | close(FILE, DIR, FIFO, DEV, IPC, NETOBJ)*; shmdt(IPC)*; msgrcv(IPC)*; msgsnd(IPC)*; send(IPC)*; sendto(IPC)*; sendmsg(IPC)*; recv(IPC)*; recvfrom(IPC)*; recvmsg(IPC)* |
| CREATE | Create object | DIR (where), IPC, USER, GROUP, NETOBJ(local) | create(DIR, IPC)*; open(DIR, IPC)*; mknod(DIR)*; mkdir(DIR)*; symlink(DIR)*; shmget(IPC)*; msgget(IPC)*; socket(IPC)*; accept(IPC)*; rsbac_um_add_user(USER); rsbac_um_add_group(GROUP); rsbac_net_temp(NETTEMP); socket(NETOBJ) |
| DELETE | Delete object | FILE, DIR, FIFO, SYMLINK, UNIXSOCK, IPC, USER, GROUP, NETTEMP, NETOBJ | unlink(FILE, DIR, FIFO)*; rmdir(DIR)*; msgctl(IPC)*; shmctl(IPC)*; shutdown(IPC)*; close(IPC)*; rsbac_um_remove_user(USER); rsbac_um_remove_group(GROUP); rsbac_net_temp(NETTEMP) |
| EXECUTE | Execute a file | FILE | exec()* |
| GET_PERMISSIONS_DATA | Read Unix permissions (mode) or password, ioctl on ttys | FILE, DIR, FIFO, SYMLINK, UNIXSOCK, IPC, SCD, DEV, USER, GROUP, NETOBJ | access(FILE, DIR, FIFO); ioctl (DEV:tty); rsbac_um_get_user_item(USER); rsbac_um_get_group_item(GROUP) |
| GET_STATUS_DATA | Get status (stat() etc.) | FILE, DIR, FIFO, SYMLINK, UNIXSOCK, DEV, IPC, SCD, NETDEV, NETOBJ(local), PROCESS, USER, GROUP | open_port(SCD) (/dev/kmem etc.); open_kcore(SCD) (/proc/kcore); stat(FILE, DIR, FIFO, IPC); newstat(FILE, DIR, FIFO, IPC); lstat(FILE, DIR, FIFO, IPC); newlstat(FILE, DIR, FIFO, IPC); fstat(FILE, DIR, FIFO, IPC); newfstat(FILE, DIR, FIFO, IPC); stat64(FILE, DIR, FIFO, IPC); lstat64(FILE, DIR, FIFO, IPC); fstat64(FILE, DIR, FIFO, IPC); statfs(FILE, DIR, FIFO); fstatfs(FILE, DIR, FIFO); rsbac_stats(SCD); rsbac_check(SCD); rsbac_stats_pm(SCD); rsbac_stats_rc(SCD); rsbac_stats_acl(SCD); rsbac_log(SCD); (access to RSBAC proc-files(SCD)); dev_ioctl(NETDEV); arp_ioctl(NETDEV); ip_mroute_setsockopt(SCD network); firewalling code (SCD firewall); quotactl(SCD quota); ioctl (DEV: ide, scsi, etc.); sys_getpgid(PROCESS); sys_getsid(PROCESS); sys_capget(PROCESS) |
| LINK_HARD | Hard link | FILE, DIR, FIFO, SYMLINK | link(FILE, DIR, FIFO) |
| MODIFY_ACCESS_DATA | Change access information, e.g. time, date | FILE, DIR, FIFO, SYMLINK, UNIXSOCK | utimes(FILE, DIR, FIFO) |
| MODIFY_ATTRIBUTE | Change an RSBAC attribute value | All target types | (specific request needed for various security models) |
| MODIFY_PERMISSIONS_DATA | Change Unix permissions or password | FILE, DIR, FIFO, SYMLINK, UNIXSOCK, IPC, DEV, SCD, USER, GROUP, NETOBJ, NONE | ioperm(SCD); iopl(SCD); chmod(FILE, DIR, FIFO); fchmod(FILE, DIR, FIFO); ioctl (DEV:tty) |
| MODIFY_SYSTEM_DATA | Change system settings | UNIXSOCK, IPC, SCD, DEV, NETDEV, PROCESS, NETOBJ(local) | stime(SCD); settimeofday(SCD); adjtimex(SCD); sethostname(SCD); setdomainname(SCD); setrlimit(SCD); syslog(SCD); sysctl(SCD); swapon(SCD); swapoff(SCD); rsbac_log(SCD); dev_ioctl(NETDEV); arp_ioctl(NETDEV); ip_mroute_setsockopt(SCD network); firewalling code (SCD firewall); quotactl(SCD quota); ioctl (ide, scsi, etc.); sched_setscheduler(PROCESS); sched_setaffinity(PROCESS); sys_setpriority(PROCESS); sys_setpgid(PROCESS); sys_setsockopt(NETOBJ) |
| MOUNT | Mount a filesystem | FILE, DIR, DEV | mount(DIR, DEV) (separate mount notification for data structures) |
| READ | Read from DIR or NETTEMP. Optional: read from other | DIR, FILE, FIFO, UNIXSOCK, DEV, IPC, USER, GROUP, NETTEMP | read(FILE, FIFO, DEV, IPC, NETOBJ)*; readv(FILE, FIFO, DEV, IPC)*; pread(FILE, DEV, IPC)*; readdir(DIR); open(DIR); rsbac_net_temp(NETTEMP) |
| READ_ATTRIBUTE | Read RSBAC attribute value | All target types | (specific request needed for various security models) |
| READ_OPEN | Open for read | FILE, DIR, FIFO, IPC, DEV, UNIXSOCK | open(FILE, FIFO, DEV, IPC)*; shmat(IPC)*; msgrcv(IPC)*; recv(IPC)*; recvfrom(IPC)*; recvmsg(IPC) |
| READ_WRITE_OPEN | Open for read and write | FILE, FIFO, DEV, IPC, UNIXSOCK | open(FILE, FIFO, DEV, IPC)*; shmat(IPC)*; bind(IPC)*; connect(IPC)*; listen(IPC)* |
| REMOVE_FROM_KERNEL | Remove kernel module | DEV, FILE, NONE | swapoff(DEV,FILE); delete_module(NONE) |
| RENAME | Rename | FILE, DIR, FIFO, SYMLINK, UNIXSOCK, USER, GROUP | rename(FILE, DIR, FIFO) (RSBAC identification not changed by rename!) |
| SEARCH | Lookup in dir or symlink from inside kernel for access with full path, map name to id | DIR, FILE, SYMLINK, FIFO, UNIXSOCK, DEV, NETOBJ, USER, GROUP | (internal functions lookup_dentry(DIR) / path_walk(DIR) / lookup_hash(DIR) / follow_symlink(SYMLINK)) |
| SEND_SIGNAL | Send a signal | PROCESS | kill(PROC) |
| SHUTDOWN | Shutdown/reboot system | NONE | reboot(NONE) |
| SWITCH_LOG | Change RSBAC log settings | NONE | rsbac_adf_log_switch(NONE) |
| SWITCH_MODULE | Switch decision module on/off | NONE | rsbac_switch(NONE) |
| TERMINATE | End of calling process, for attribute cleanup. Should always be granted. | PROCESS | exit(PROC) |
| TRACE | Trace a process | PROCESS | ptrace(PROC) (architecture dependent) |
| TRUNCATE | Truncate | FILE | open(FILE)*; truncate(FILE)*; ftruncate(FILE)*; truncate64(FILE)*; ftruncate64(FILE)* |
| UMOUNT | Umount a filesystem | FILE, DIR, DEV | umount(DIR, DEV) (separate umount notification for data structures) |
| WRITE | Write to a DIR, SCD or NETTEMP. Object moving to target dir. Optional: write to file etc. | FILE, FIFO, DEV, UNIXSOCK, IPC, NETOBJ, DIR, SCD, USER, GROUP | write(FILE, FIFO, IPC, DEV, NETTEMP)*; writev(FILE, FIFO, IPC, DEV)*; pwrite(FILE, IPC, DEV)*; rename(DIR); rsbac_write(SCD); rsbac_net_temp(NETTEMP) |
| WRITE_OPEN | Open for write | FILE, FIFO, DEV, IPC | open(FILE, FIFO, DEV, IPC)* |
| MAP_EXEC | Map a library from a file (target FILE) or other code (target NONE) for execution. | FILE, NONE | mmap(FILE) (EXEC mode); mprotect(FILE, NONE) (EXEC mode); uselib(FILE) |
| BIND | Bind network address and port (if applicable) to local socket, bind to network device | NETDEV, NETOBJ(local) | dev_ioctl(NETDEV); bind()* |
| LISTEN | Listen on a local socket | UNIXSOCK, IPC, NETOBJ(local) | listen()* |
| ACCEPT | Accept a connection from a remote network endpoint | NETOBJ(remote) | accept()* |
| CONNECT | Connect to remote network endpoint | UNIXSOCK, IPC, NETOBJ(remote) | connect()* |
| SEND | Fake tty input, send to remote network endpoint | UNIXSOCK, IPC, DEV, NETOBJ(remote) | ioctl(DEV:TIOCSTI); send()*; sendmsg()*; sendto()* |
| RECEIVE | Receive from remote network endpoint | UNIXSOCK, IPC, NETOBJ(remote) | recv()*; recvmsg()*; recvfrom()* |
| NET_SHUTDOWN | Shutdown channel of local socket | UNIXSOCK, IPC, NETOBJ(local) | shutdown() |
| IOCTL | Sets various parameters to devices | UNIXSOCK, IPC, DEV, NETOBJ(local) | sys_ioctl(); sock_ioctl() |
| LOCK | Lock filesystem objects | FILE, DIR, FIFO, SYMLINK, UNIXSOCK, IPC | sys_fcntl(); sys_lock |
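
The table lists open() under several requests (READ_OPEN, WRITE_OPEN, READ_WRITE_OPEN, APPEND_OPEN, TRUNCATE, CREATE), so a policy has to grant every request a given call raises. The following C model is an added example, not code from RSBAC or this handbook; the flag-to-request conditions, the function names and the bit values are assumptions made for illustration, since the table only states which calls issue which requests.

```c
#include <fcntl.h>
#include <sys/mman.h>

/* Request types from the table, as bit flags. The numbering is made up for
 * this example and is not taken from include/rsbac/types.h. */
enum req {
    R_READ_OPEN       = 1 << 0,
    R_WRITE_OPEN      = 1 << 1,
    R_READ_WRITE_OPEN = 1 << 2,
    R_APPEND_OPEN     = 1 << 3,
    R_TRUNCATE        = 1 << 4,
    R_CREATE          = 1 << 5,  /* target is the parent DIR */
    R_MAP_EXEC        = 1 << 6
};

/* Assumed model: requests raised by one open(2) on a FILE target.
 * file_exists says whether O_CREAT would actually create the object. */
unsigned requests_for_open(int flags, int file_exists)
{
    unsigned need = 0;
    int acc = flags & O_ACCMODE;

    if (acc != O_RDONLY && (flags & O_APPEND))
        need |= R_APPEND_OPEN;
    else if (acc == O_RDWR)
        need |= R_READ_WRITE_OPEN;
    else if (acc == O_WRONLY)
        need |= R_WRITE_OPEN;
    else
        need |= R_READ_OPEN;

    if ((flags & O_TRUNC) && file_exists)
        need |= R_TRUNCATE;      /* open(FILE)* is listed under TRUNCATE */
    if ((flags & O_CREAT) && !file_exists)
        need |= R_CREATE;        /* open(DIR, IPC)* is listed under CREATE */
    return need;
}

/* mmap()/mprotect() are listed under MAP_EXEC only for EXEC mode mappings. */
unsigned requests_for_mmap(int prot)
{
    return (prot & PROT_EXEC) ? R_MAP_EXEC : 0;
}

/* A call passes only if every request it raises is in the granted set. */
int call_allowed(unsigned needed, unsigned granted)
{
    return (needed & ~granted) == 0;
}
```

Under this model, a role granted only WRITE_OPEN on a file cannot open it with O_TRUNC, because that call also needs TRUNCATE.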




documentation/rsbac_handbook/appendixes/rsbac_reference/targets_and_requests.txt · Last modified: 2009/01/13 13:35 by kang