===== proc Interface =====

If enabled in the kernel configuration, RSBAC adds one directory to the main proc dir: /proc/rsbac-info. Since proc is treated as a normal read-only fs, rsbac could not be used. All successful write accesses are logged via syslog at KERN_INFO level.

The rsbac-info dir contains the following entries:

==== Status ====

  * active: short summary of version, mode and module states, good for scripts
  * stats: shows RSBAC status, same contents as sys_rsbac_stats writes into syslog
  * stats_pm (if PM is enabled): shows PM status, same contents as sys_rsbac_stats_pm writes into syslog
  * stats_rc (if RC is enabled): shows RC status
  * stats_auth (if AUTH is enabled): shows AUTH status
  * stats_acl (if ACL is enabled): shows ACL status
  * xstats (if extended status is enabled): shows extended status, e.g. table of call counts for requests and targets
  * devices: shows all rsbac-mounted devices in n:m notation and their no_write status (no_write is set on fd-list read if the version is wrong). The no_write status can be changed by calling ''echo "devices no_write n:m k" > /proc/rsbac-info/devices'', where n:m is the device in major:minor notation and k is 0 or 1.
  * acl_devices, auth_devices: same for ACL and AUTH data structures
  * versions: shows the aci versions for the dev and user lists, the adf request array version for the log_level array, and the no_write status of each (set on boot if an attempt is made to read a wrong version). The no_write status can be changed by calling ''echo "no_write listname n" >versions'', where listname is one of dev, user, log_levels and n is 0 or 1.

==== System Behaviour ====

  * auto_write (if auto-write is enabled): shows the auto write status, currently the auto interval in jiffies and the auto debug level only. The auto interval can be changed by calling ''echo "auto interval n" > /proc/rsbac-info/auto_write'', where n is the number of jiffies, and the debug level (0 or 1) by calling ''echo "auto debug n" > /proc/rsbac-info/auto_write''.

==== Logging ====

  * log_levels: shows adf log levels for all requests. Log levels can be changed by calling ''echo "log_levels request n" > /proc/rsbac-info/log_levels'', where request is the request name, e.g. WRITE, and n is the level.
  * rmsg (if own logging is enabled): similar to kmsg in the main proc dir, logging of RSBAC requests. This file can be used by programs like klogd, or simply read with ''cat rmsg''.
  * The maximum number of kernel log messages from RSBAC per second is set with ''echo "debug syslog_rate n" > /proc/rsbac-info/debug''
  * The RSBAC log buffer size is changed by ''echo "debug rmsg_maxentries n" > debug''
  * The RSBAC remote log buffer size is changed by ''echo "debug log_remote_maxentries n" > debug''
  * Remote logging address and port can be changed with ''echo "debug log_remote_addr a.b.c.d" >debug'' and ''echo "debug log_remote_port n" > /proc/rsbac-info/debug''.

==== Model Specific ====

  * auth_caplist (if AUTH is enabled): shows all AUTH capabilities currently set.
  * reg_modules (if REG is enabled): shows currently registered additional decision modules and syscalls.
  * acl_acllist (if ACL is enabled): detailed listing of all ACL entries and masks in the system.

==== Debug and Softmode Switching ====

  * debug: shows all RSBAC debug settings, softmode, dac_disable and nosyslog.
  * Levels can be changed by calling ''echo "debug name n" > /proc/rsbac-info/debug''. Valid names are ds, aef, auth, no_write, ds_pm, aef_pm, adf_pm, adf_ms, ds_rc, aef_rc, adf_rc, ds_acl, aef_acl, adf_acl, adf_auth, auto, softmode, dac_disable and nosyslog, but only if shown when reading this file. Valid levels are 0 and 1.
  * Debug levels can be preset to 1 by kernel parameters with the same name as the variable name shown, e.g. rsbac_debug_ds or rsbac_softmode.
  * Individual model softmode can be switched by calling ''echo "debug ind_softmode n" >debug''
  * DAZ cache ttl is set via ''echo "debug daz_ttl n" > /proc/rsbac-info/debug''
  * CAP log missing is set with ''echo "debug cap_log_missing n" >debug''
  * JAIL log missing (new in 1.2.5) is set with ''echo "debug jail_log_missing n" >debug''

==== Backup ====

  * backup subdir: contains backups of what would be the current aci data files. You can use cp for backups of system independent aci data structures, e.g. rc_roles, rc_types, and the admin backup tools for system dependent ones, e.g. file/dir attributes or AUTH file capabilities. Using the backup_all script or single lines from it is however strongly recommended.
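
Added example, not part of the original handbook or of RSBAC's own tooling: a shell wrapper for the ''echo "debug name n" > /proc/rsbac-info/debug'' write described under Debug and Softmode Switching. It checks name and level against the lists given there and, as this example's own policy, refuses to set softmode, dac_disable or nosyslog to 1 without an explicit ''force''. The function names, the ''RSBAC_PROC'' override and the ''rsbac_<name>'' / ''rsbac_debug_<name>'' line format assumed for the debug file are assumptions.

```shell
# Added example, not RSBAC project code. RSBAC_PROC is a hypothetical override
# so the helper can be tried against a constructed directory.
RSBAC_PROC="${RSBAC_PROC:-/proc/rsbac-info}"

# Names the page lists as valid for: echo "debug name n" > .../debug
RSBAC_DEBUG_NAMES="ds aef auth no_write ds_pm aef_pm adf_pm adf_ms ds_rc aef_rc \
adf_rc ds_acl aef_acl adf_acl adf_auth auto softmode dac_disable nosyslog"
# Switches that relax enforcement or logging when set to 1 (this example's policy).
RSBAC_WEAKENING="softmode dac_disable nosyslog"

# in_list WORD LIST: succeed if WORD is exactly one item of the space-separated LIST.
in_list() {
    case "$1" in ''|*[!a-z_]*) return 1 ;; esac   # reject empty or odd input
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# rsbac_debug_cmd NAME LEVEL [force]
# Print the validated command string on stdout; non-zero return on rejection:
#   2 = unknown name, 3 = bad level, 4 = name not shown by this kernel,
#   5 = weakening switch set to 1 without "force".
rsbac_debug_cmd() {
    name=$1 level=$2 force=${3:-}
    in_list "$name" "$RSBAC_DEBUG_NAMES" || return 2
    case "$level" in 0|1) ;; *) return 3 ;; esac
    # Assumption: the debug file shows each variable as rsbac_NAME or
    # rsbac_debug_NAME (the page's examples: rsbac_debug_ds, rsbac_softmode).
    grep -Eq "(^|[^[:alnum:]_])rsbac_(debug_)?${name}([^[:alnum:]_]|\$)" \
        "$RSBAC_PROC/debug" 2>/dev/null || return 4
    if [ "$level" = 1 ] && in_list "$name" "$RSBAC_WEAKENING" \
        && [ "$force" != force ]; then
        return 5
    fi
    printf 'debug %s %s\n' "$name" "$level"
}

# rsbac_debug_set NAME LEVEL [force]: validate, then write to the proc entry.
rsbac_debug_set() {
    cmd=$(rsbac_debug_cmd "$@") || return $?
    printf '%s\n' "$cmd" > "$RSBAC_PROC/debug"
}
```

Since successful writes are logged via syslog at KERN_INFO level, a write made through ''rsbac_debug_set'' can be cross-checked against the kernel log afterwards.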