In the RSBAC framework, a decision module (rule set) can register decisions, notifications and overwrite decision functions of the ADF at runtime. For administration purposes, system calls can be registered to a handle-based dispatcher. Secret registration handles prevents the change of module's registrations.

The registration (REG) facility let you implement security models as Linux Kernel Modules (LKM), which can be loaded to and unloaded at runtime from the kernel by the system administrator or users with the appropriate clearance. As loadable modules may add unrestricted code into the running kernel, they should normally only be used for development and testing. To prevent misuse of this interface, the runtime registration can be disabled in the kernel configuration.

More details are available at the REG module page.

Next, we will advance to one of the functionalities provided by RSBAC: User Management.

Table of Contents: RSBAC Handbook
Previous: Logging Facility
Next: User Management