=>  Releases

Current version
Git/Latestdiff: 1.5.5

Latest Snapshots
Produced after each commit or rebase to new upstream version

RSBAC source code, can be unstable sometimes

=>  Events

No events planned

proc Interface

If enabled in the kernel configuration, RSBAC adds one directory to the main proc dir: /proc/rsbac-info. Since proc is treated as a normal read-only fs, rsbac could not be used.

All successful write accesses are logged via syslog at KERN_INFO level. The rsbac-info dir contains the following entries:


  • active: short summary of version, mode and module states, good for scripts
  • stats: shows rsbac status, same contents as sys_rsbac_stats writes into syslog
  • stats_pm (if PM is enabled): shows PM status, same contents as sys_rsbac_stats_pm writes into syslog
  • stats_rc (if RC is enabled): shows RC status
  • stats_auth (if AUTH is enabled): shows AUTH status
  • stats_acl (if ACL is enabled): shows ACL status
  • xstats (if extended status is enabled): shows extended status, e.g. table of call counts for requests and targets
  • devices: shows all rsbac-mounted devices in n:m notation and their no_write status (no_write is set on fd-list read, if wrong version). No_write status can be changed by calling echo “devices no_write n:m k” > /proc/rsbac-info/devices with n:m as the device in major:minor notation, k is 0 or 1.
  • acl_devices, auth_devices: same for ACL and AUTH data structures
  • versions: shows aci versions for dev and user list and adf request array version for log_level array and the no_write status of each (set on boot, if wrong version is tried to be read). No_write status can be changed by calling echo “no_write listname n” >versions with listname is one of dev, user, log_levels, n is 0 or 1.

System Behaviour

  • auto_write (if auto-write is enabled): shows auto write status, currently auto interval in jiffies and auto debug level only. Auto interval can be changed by calling echo “auto interval n” > /proc/rsbac-info/auto_write with n = number of jiffies, debug level (0 or 1) by calling echo “auto debug n” > /proc/rsbac-info/auto_write.


  • log_levels: shows adf log levels for all requests. Log levels can be changed by calling echo “log_levels request n” > /proc/rsbac-info/log_levels with request = request name, e.g. WRITE, n = level.
  • rmsg (if own logging is enabled): similar to kmsg in main proc dir, logging of RSBAC requests. This file can be used by programs like klogd, or simply make a cat rmsg.
  • Max. number of kernel log messages from RSBAC per second: echo “debug syslog_rate n” > /proc/rsbac_info/debug
  • The RSBAC log buffer size is changed by echo “debug rmsg_maxentries n” > debug
  • The RSBAC remote log buffer size is changed by echo “debug log_remote_maxentries n” > debug
  • Remote logging address and port can be changed with echo “debug log_remote_addr a.b.c.d” >debug echo “debug log_remote_port n” > /proc/rsbac-info/debug.

Model Specific

  • auth_caplist (if AUTH is enabled): shows all AUTH capabilities currently set.
  • reg_modules (if REG is enabled): shows currently registered additional decision modules and syscalls.
  • acl_acllist (if ACL is enabled): Detailed listing of all ACL entries and masks in the system.

Debug and Softmode Switching

  • debug: shows all RSBAC debug settings, softmode, dac_disable and nosyslog.
    • Levels can be changed by calling echo “debug name n” > /proc/rsbac-info/debug. Valid names are ds, aef, auth, no_write, ds_pm, aef_pm, adf_pm, adf_ms, ds_rc, aef_rc, adf_rc, ds_acl, aef_acl, adf_acl, adf_auth, auto, softmode, dac_disable and nosyslog, but only, if shown when reading this file. Valid levels are 0 and 1.
    • Debug levels can be preset to 1 by kernel parameters with same name as variable name shown, e.g. rsbac_debug_ds or rsbac_softmode.
    • Individual model softmode can be switched by calling echo “debug ind_softmode <modname> n” >debug
    • DAZ cache ttl is set via echo “debug daz_ttl n” > /proc/rsbac-info/debug
    • CAP log missing is set with echo “debug cap_log_missing n” >debug
    • JAIL log missing (new in 1.2.5) is set with echo “debug jail_log_missing n” >debug


  • backup subdir: It contains backups of what would be current aci data files. You can use cp for backups of system independent aci data structures, e.g. rc_roles, rc_types, and the admin backup tools for system dependent ones, e.g. file/dir attributes or AUTH file capabilities. Using the backup_all script or single lines from it is however strongly recommended.

Table of Contents: RSBAC Handbook

documentation/rsbac_handbook/appendixes/rsbac_reference/proc_interface.txt · Last modified: 2010/10/05 12:48 by

documentation/rsbac_handbook/appendixes/rsbac_reference/proc_interface.txt · Last modified: 2010/10/05 12:48 by
This website is kindly hosted by m-privacy