documentation:rsbac_handbook:appendixes:rsbac_reference:targets_and_requests
Differences
documentation:rsbac_handbook:appendixes:rsbac_reference:targets_and_requests [2006/09/19 15:09]
kang pasted the new request table (more readable) from the handbook
documentation:rsbac_handbook:appendixes:rsbac_reference:targets_and_requests [2009/01/13 13:35]
127.0.0.1 (old revision restored)
Line 2: Line 2:
 RSBAC restricts access by subjects to objects. The subjects are always RSBAC restricts access by subjects to objects. The subjects are always
 processes, acting on the behalf of a user with certain attributes, like system_role etc. processes, acting on the behalf of a user with certain attributes, like system_role etc.
 +
  
 ==== Targets ==== ==== Targets ====
Line 13: Line 14:
 | DEV     ​|Devices,​ identified by type (char or block), major and minor number| | DEV     ​|Devices,​ identified by type (char or block), major and minor number|
 | IPC     ​|InterProcess Communication:​ Semaphores (sem), Messages (msg), Shared Memory (shm), Sockets (sock)| | IPC     ​|InterProcess Communication:​ Semaphores (sem), Messages (msg), Shared Memory (shm), Sockets (sock)|
 +| UNIXSOCK |Unix sockets|
 | SCD     ​|System Control Data: Objects affecting the whole system. This target type is the only one with a fixed number of objects, identified by number (see below).| | SCD     ​|System Control Data: Objects affecting the whole system. This target type is the only one with a fixed number of objects, identified by number (see below).|
 | USER    |Users as objects, mostly for access control information (ACI).| | USER    |Users as objects, mostly for access control information (ACI).|
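Review bot: the new UNIXSOCK row gives only the name "Unix sockets", while the neighbouring DEV and IPC rows state how their objects are identified (type plus major and minor number; sem, msg, shm, sock). Say how a UNIXSOCK target is identified, and in particular whether it replaces the "Sockets (sock)" subtype that the IPC row still lists or sits beside it, so a reader knows which of the two target types a Unix socket now falls under.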
Line 51: Line 53:
 | capability ​      ​|Change Linux capabilities| | capability ​      ​|Change Linux capabilities|
 | auth_administration |(only in RC and ACL): AUTH model administration| | auth_administration |(only in RC and ACL): AUTH model administration|
 +
  
 ==== Requests ==== ==== Requests ====
Line 70: Line 73:
 | ADD_TO_KERNEL  ​      |Add a kernel module ​             |DEV\\ FILE\\ NONE |swapon(DEV,​FILE)\\ create_module(NONE)\\ init_module(NONE)| | ADD_TO_KERNEL  ​      |Add a kernel module ​             |DEV\\ FILE\\ NONE |swapon(DEV,​FILE)\\ create_module(NONE)\\ init_module(NONE)|
 | ALTER                |Change IPC control information |IPC                  ​|msgctl(IPC)\\ shmctl(IPC)| | ALTER                |Change IPC control information |IPC                  ​|msgctl(IPC)\\ shmctl(IPC)|
-| APPEND_OPEN ​         |Open to append                  ​|FILE\\ DEV\\ IPC |open(FILE,​DEV)*\\ msgsnd(IPC)*\ sendto(IPC)*\\ sendmsg(IPC)*| +| APPEND_OPEN ​         |Open to append                  ​|FILE\\ DEV\\ IPC\\ FIFO\\ UNIXSOCK ​ |open(FILE,​DEV)*\\ msgsnd(IPC)*\ sendto(IPC)*\\ sendmsg(IPC)*| 
-| CHANGE_GROUP ​        ​|Change active group          ​|IPC\\ PROCESS\\ NONE |setgid(PROC)\\ setregid(PROC)\\ setresgid(PROC)\\ setgroups(PROC)\\ setfsgid(NONE) (for DAC only)\\ shmctl(IPC)\\ msgctl(IPC)| +| CHANGE_GROUP ​        ​|Change active group          |FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ ​IPC\\ PROCESS\\ USER\\ NONE |setgid(PROC)\\ setregid(PROC)\\ setresgid(PROC)\\ setgroups(PROC)\\ setfsgid(NONE) (for DAC only)\\ shmctl(IPC)\\ msgctl(IPC)| 
-| CHANGE_OWNER ​        ​|Change owner                     ​|FILE\\ DIR\\ FIFO\\ IPC\\ PROCESS\\ NONE|chown(FILE,​ DIR, FIFO)\\ lchown(FILE,​ DIR, FIFO)\\ fchown(FILE,​ DIR, FIFO)\\ setuid(PROC)*\\ setreuid(PROC)*\\ setresuid(PROC)*\\ setfsuid(NONE) (for DAC only)\\ shmctl(IPC)\\ msgctl(IPC)|+| CHANGE_OWNER ​        ​|Change owner                     ​|FILE\\ DIR\\ FIFO\\ IPC\\ PROCESS\\ SYMLINK\\ NONE|chown(FILE,​ DIR, FIFO)\\ lchown(FILE,​ DIR, FIFO)\\ fchown(FILE,​ DIR, FIFO)\\ setuid(PROC)*\\ setreuid(PROC)*\\ setresuid(PROC)*\\ setfsuid(NONE) (for DAC only)\\ shmctl(IPC)\\ msgctl(IPC)|
 | CHANGE_DAC_EFF_OWNER |Change effective owner           ​|PROCESS ​               |sys_setreuid(PROCESS)\\ sys_setuid(PROCESS)\\ sys_setresuid(PROCESS)| | CHANGE_DAC_EFF_OWNER |Change effective owner           ​|PROCESS ​               |sys_setreuid(PROCESS)\\ sys_setuid(PROCESS)\\ sys_setresuid(PROCESS)|
 | CHANGE_DAC_FS_OWNER ​ |Change file system userid ​       |PROCESS ​               |sys_setreuid(PROCESS)\\ sys_setuid(PROCESS)\\ sys_setresuid(PROCESS)\\ sys_setfsuid(PROCESS)| | CHANGE_DAC_FS_OWNER ​ |Change file system userid ​       |PROCESS ​               |sys_setreuid(PROCESS)\\ sys_setuid(PROCESS)\\ sys_setresuid(PROCESS)\\ sys_setfsuid(PROCESS)|
 | CHDIR                |Change working directory ​        ​|DIR ​                  ​|chdir(DIR)\\ fchdir(DIR)\\ chroot(DIR)| | CHDIR                |Change working directory ​        ​|DIR ​                  ​|chdir(DIR)\\ fchdir(DIR)\\ chroot(DIR)|
 | CLONE                |Fork/clone a process ​            ​|PROCESS ​              ​|fork(PROC)*\\ vfork(PROC)*\\ clone(PROC)*| | CLONE                |Fork/clone a process ​            ​|PROCESS ​              ​|fork(PROC)*\\ vfork(PROC)*\\ clone(PROC)*|
-| CLOSE                |Close opened file etc. Should always be granted.|FILE\\ DIR\\ FIFO\\ DEV\\ IPCNETOBJ(local)|close(FILE,​ DIR, FIFO, DEV, IPC, NETOBJ)*\\ shmdt(IPC)*\\ msgrcv(IPC)*\\ msgsnd(IPC)*\\ send(IPC)*\\ sendto(IPC)*\\ sendmsg(IPC)*\\ recv(IPC)*\\ recvfrom(IPC)*\\ recvmsg(IPC)*| +| CLOSE                |Close opened file etc. Should always be granted.|FILE\\ DIR\\ FIFO\\ DEV\\ IPC\\ UNIXSOCK\\ ​NETOBJ(local)|close(FILE,​ DIR, FIFO, DEV, IPC, NETOBJ)*\\ shmdt(IPC)*\\ msgrcv(IPC)*\\ msgsnd(IPC)*\\ send(IPC)*\\ sendto(IPC)*\\ sendmsg(IPC)*\\ recv(IPC)*\\ recvfrom(IPC)*\\ recvmsg(IPC)*| 
-| CREATE ​              ​|Create object ​                   |DIR (where)\\ IPC\\ USER\\ GROUP\\ NETTEMP\\ NETOBJ(local)|creat(DIR, IPC)*\\ open(DIR, IPC)*\\ mknod(DIR)*\\ mkdir(DIR)*\\ symlink(DIR)*\\ shmget(IPC)*\\ msgget(IPC)*\\ socket(IPC)*\\ accept(IPC)*\\ rsbac_um_add_user(USER)\\ rsbac_um_add_group(GROUP)\\ rsbac_net_temp(NETTEMP)\\ socket(NETOBJ)| +| CREATE ​              ​|Create object ​                   |DIR (where)\\ IPC\\ USER\\ GROUP\\ NETOBJ(local)|create(DIR, IPC)*\\ open(DIR, IPC)*\\ mknod(DIR)*\\ mkdir(DIR)*\\ symlink(DIR)*\\ shmget(IPC)*\\ msgget(IPC)*\\ socket(IPC)*\\ accept(IPC)*\\ rsbac_um_add_user(USER)\\ rsbac_um_add_group(GROUP)\\ rsbac_net_temp(NETTEMP)\\ socket(NETOBJ)| 
-| DELETE ​              ​|Delete object ​                   |FILE\\ DIR\\ FIFO\\ IPC\\ USER\\ NETTEMP|unlink(FILE,​ DIR, FIFO)*\\ rmdir(DIR)*\\ msgctl(IPC)*\\ shmctl(IPC)*\\ shutdown(IPC)*. close(IPC)*\\ rsbac_um_remove_user(USER)\\ rsbac_um_remove_group(GROUP)\\ rsbac_net_temp(NETTEMP)|+| DELETE ​              ​|Delete object ​                   |FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC\\ USER\\ GROUP\\ NETTEMP\\ NETOBJ|unlink(FILE,​ DIR, FIFO)*\\ rmdir(DIR)*\\ msgctl(IPC)*\\ shmctl(IPC)*\\ shutdown(IPC)*. close(IPC)*\\ rsbac_um_remove_user(USER)\\ rsbac_um_remove_group(GROUP)\\ rsbac_net_temp(NETTEMP)|
 | EXECUTE ​             |Execute a file                   ​|FILE ​                 |exec()*| | EXECUTE ​             |Execute a file                   ​|FILE ​                 |exec()*|
-| GET_PERMISSIONS_DATA |Read Unix permissions (mode) or password, ioctl on ttys |FILE\\ DIR\\ FIFO\\ DEV\\ USER\\ GROUP|access(FILE,​ DIR, FIFO)\\ ioctl (DEV:tty)\\ rsbac_um_get_user_item(USER)\\ rsbac_um_get_group_item(GROUP)| +| GET_PERMISSIONS_DATA |Read Unix permissions (mode) or password, ioctl on ttys |FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC\\ SCD\\ DEV\\ USER\\ GROUP\\ NETOBJ|access(FILE,​ DIR, FIFO)\\ ioctl (DEV:tty)\\ rsbac_um_get_user_item(USER)\\ rsbac_um_get_group_item(GROUP)| 
-| GET_STATUS_DATA ​     |Get status (stat() etc.)         ​|FILE\\ DIR\\ FIFO\\ DEV\\ IPC\\ SCD\\ NETDEV\\ NETOBJ(local)\\ PROCESS|open_port(SCD) (/dev/kmem etc.)\\ open_kcore(SCD) (/​proc/​kcore)\\ stat(FILE, DIR, FIFO, IPC)\\ newstat(FILE,​ DIR, FIFO, IPC)\\ lstat(FILE, DIR, FIFO, IPC)\\ newlstat(FILE,​ DIR, FIFO, IPC)\\ fstat(FILE, DIR, FIFO, IPC)\\ newfstat(FILE,​ DIR, FIFO, IPC)\\ stat64(FILE,​ DIR, FIFO, IPC)\\ lstat64(FILE,​ DIR, FIFO, IPC)\\ fstat64(FILE,​ DIR, FIFO, IPC)\\ statfs(FILE,​ DIR, FIFO)\\ fstatfs(FILE,​ DIR, FIFO)\\ rsbac_stats(SCD)\\ rsbac_check(SCD)\\ rsbac_stats_pm(SCD)\\ rsbac_stats_rc(SCD)\\ rsbac_stats_acl(SCD)\\ rsbac_log(SCD)\\ (access to RSBAC proc-files(SCD))\\ dev_ioctl(NETDEV)\\ arp_ioctl(NETDEV)\\ ip_mroute_setsockopt(SCD network)\\ firewalling code (SCD firewall)\\ quotactl(SCD quota)\\ ioctl (DEV: ide, scsi, etc.)\\ sys_getpgid(PROCESS)\\ sys_getsid(PROCESS)\\ sys_capget(PROCESS)| +| GET_STATUS_DATA ​     |Get status (stat() etc.)         ​|FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ DEV\\ IPC\\ SCD\\ NETDEV\\ NETOBJ(local)\\ PROCESS\\ USER\\ GROUP|open_port(SCD) (/dev/kmem etc.)\\ open_kcore(SCD) (/​proc/​kcore)\\ stat(FILE, DIR, FIFO, IPC)\\ newstat(FILE,​ DIR, FIFO, IPC)\\ lstat(FILE, DIR, FIFO, IPC)\\ newlstat(FILE,​ DIR, FIFO, IPC)\\ fstat(FILE, DIR, FIFO, IPC)\\ newfstat(FILE,​ DIR, FIFO, IPC)\\ stat64(FILE,​ DIR, FIFO, IPC)\\ lstat64(FILE,​ DIR, FIFO, IPC)\\ fstat64(FILE,​ DIR, FIFO, IPC)\\ statfs(FILE,​ DIR, FIFO)\\ fstatfs(FILE,​ DIR, FIFO)\\ rsbac_stats(SCD)\\ rsbac_check(SCD)\\ rsbac_stats_pm(SCD)\\ rsbac_stats_rc(SCD)\\ rsbac_stats_acl(SCD)\\ rsbac_log(SCD)\\ (access to RSBAC proc-files(SCD))\\ dev_ioctl(NETDEV)\\ arp_ioctl(NETDEV)\\ ip_mroute_setsockopt(SCD network)\\ firewalling code (SCD firewall)\\ quotactl(SCD quota)\\ ioctl (DEV: ide, scsi, etc.)\\ sys_getpgid(PROCESS)\\ sys_getsid(PROCESS)\\ sys_capget(PROCESS)| 
-| LINK_HARD ​           |Hard link                        |FILE\\ DIR\\ FIFO|link(FILE,​ DIR, FIFO)| +| LINK_HARD ​           |Hard link                        |FILE\\ DIR\\ FIFO\\ SYMLINK|link(FILE, DIR, FIFO)| 
-| MODIFY_ACCESS_DATA ​  ​|Change access information,​ e.g. time, date|FILE\\ DIR\\ FIFO|utimes(FILE,​ DIR, FIFO)|+| MODIFY_ACCESS_DATA ​  ​|Change access information,​ e.g. time, date|FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK|utimes(FILE,​ DIR, FIFO)|
 | MODIFY_ATTRIBUTE ​    ​|Change an RSBAC attribute value  |All target types (specific request needed for various security models)|| | MODIFY_ATTRIBUTE ​    ​|Change an RSBAC attribute value  |All target types (specific request needed for various security models)||
-| MODIFY_PERMISSIONS_DATA |Change Unix permissions or password|FILE\\ DIR\\ FIFO\\ DEV\\ SCD\\ USER\\ GROUP|ioperm(SCD)\\ iopl(SCD)\\ chmod(FILE, DIR, FIFO)\\ fchmod(FILE,​ DIR, FIFO)\\ ioctl (DEV:​tty)| +| MODIFY_PERMISSIONS_DATA |Change Unix permissions or password|FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC\\ DEV\\ SCD\\ USER\\ GROUP\\ NETOBJ\\ NONE|ioperm(SCD)\\ iopl(SCD)\\ chmod(FILE, DIR, FIFO)\\ fchmod(FILE,​ DIR, FIFO)\\ ioctl (DEV:​tty)| 
-| MODIFY_SYSTEM_DATA ​  ​|Change system settings ​          ​|SCD\\ DEV\\ NETDEV\\ PROCESS\\ NETOBJ(local)|stime(SCD)\\ settimeofday(SCD)\\ adjtimex(SCD)\\ sethostname(SCD)\\ setdomainname(SCD)\\ setrlimit(SCD)\\ syslog(SCD)\\ sysctl(SCD)\\ swapon(SCD)\\ swapoff(SCD)\\ rsbac_log(SCD)\\ dev_ioctl(NETDEV)\\ arp_ioctl(NETDEV)\\ ip_mroute_setsockopt(SCD network)\\ firewalling code (SCD firewall)\\ quotactl(SCD quota)\\ ioctl (ide, scsi, etc.)\\ sched_setscheduler(PROCESS)\\ sched_setaffinity(PROCESS)\\ sys_setpriority(PROCESS)\\ sys_setpgid(PROCESS)\\ sys_setsockopt(NETOBJ)| +| MODIFY_SYSTEM_DATA ​  ​|Change system settings ​          |UNIXSOCK\\ IPC\\ SCD\\ DEV\\ NETDEV\\ PROCESS\\ NETOBJ(local)|stime(SCD)\\ settimeofday(SCD)\\ adjtimex(SCD)\\ sethostname(SCD)\\ setdomainname(SCD)\\ setrlimit(SCD)\\ syslog(SCD)\\ sysctl(SCD)\\ swapon(SCD)\\ swapoff(SCD)\\ rsbac_log(SCD)\\ dev_ioctl(NETDEV)\\ arp_ioctl(NETDEV)\\ ip_mroute_setsockopt(SCD network)\\ firewalling code (SCD firewall)\\ quotactl(SCD quota)\\ ioctl (ide, scsi, etc.)\\ sched_setscheduler(PROCESS)\\ sched_setaffinity(PROCESS)\\ sys_setpriority(PROCESS)\\ sys_setpgid(PROCESS)\\ sys_setsockopt(NETOBJ)| 
-| MOUNT                |Mount a filesystem ​               |DIR\\ DEV|mount(DIR,​ DEV) (separate mount notification for data structures)| +| MOUNT                |Mount a filesystem ​               |FILE\\ ​DIR\\ DEV|mount(DIR,​ DEV) (separate mount notification for data structures)| 
-| READ                 |Read from DIR or NETTEMP. Optional: read from other|DIR\\ ​USER\\ GROUP\\ NETTEMP (optional: FILE\\ FIFO\\ DEV\\ IPC\\ NETOBJ(remote))|read(FILE, FIFO, DEV, IPC, NETOBJ)*\\ readv(FILE, FIFO, DEV, IPC)*\\ pread(FILE, DEV, IPC)*\\ readdir(DIR)\\ open(DIR)\\ rsbac_net_temp(NETTEMP)|+| READ                 |Read from DIR or NETTEMP. Optional: read from other|DIR\\ ​FILE\\ FIFO\\ UNIXSOCK\\ DEV\\ IPC\\ USER\\ GROUP\\ NETTEMP|read(FILE, FIFO, DEV, IPC, NETOBJ)*\\ readv(FILE, FIFO, DEV, IPC)*\\ pread(FILE, DEV, IPC)*\\ readdir(DIR)\\ open(DIR)\\ rsbac_net_temp(NETTEMP)|
 | READ_ATTRIBUTE ​      |Read RSBAC attribute value        |All target types (specific request needed for various security models)|| ​ | READ_ATTRIBUTE ​      |Read RSBAC attribute value        |All target types (specific request needed for various security models)|| ​
-| READ_OPEN ​           |Open for read                     ​|FILE\\ FIFO\\ DEV\\ IPC|open(FILE, FIFO, DEV, IPC)*\\ shmat(IPC)*\\ msgrcv(IPC)*\\ recv(IPC)*\\ recvfrom(IPC)*\\ recvmsg(IPC)| +| READ_OPEN ​           |Open for read                     |FILE\\ DIR\\ FIFO\\ IPC\\ DEV\\ UNIXSOCK|open(FILE, FIFO, DEV, IPC)*\\ shmat(IPC)*\\ msgrcv(IPC)*\\ recv(IPC)*\\ recvfrom(IPC)*\\ recvmsg(IPC)| 
-| READ_WRITE_OPEN ​     |Open for read and write           ​|FILE\\ FIFO\\ DEV\\ IPC|open(FILE,​ FIFO, DEV, IPC)*\\ shmat(IPC)*\\ bind(IPC)*\\ connect(IPC)*\\ listen(IPC)*|+| READ_WRITE_OPEN ​     |Open for read and write           ​|FILE\\ FIFO\\ DEV\\ IPC\\ UNIXSOCK|open(FILE, FIFO, DEV, IPC)*\\ shmat(IPC)*\\ bind(IPC)*\\ connect(IPC)*\\ listen(IPC)*|
 | REMOVE_FROM_KERNEL ​  ​|Remove kernel module ​             |DEV\\ FILE\\ NONE|swapoff(DEV,​FILE)\\ delete_module(NONE)| | REMOVE_FROM_KERNEL ​  ​|Remove kernel module ​             |DEV\\ FILE\\ NONE|swapoff(DEV,​FILE)\\ delete_module(NONE)|
-| RENAME ​              ​|Rename ​                           |FILE\\ DIR\\ FIFO|rename(FILE,​ DIR, FIFO) (RSBAC identification not changed by rename!)| +| RENAME ​              ​|Rename ​                           |FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ USER\\ GROUP|rename(FILE,​ DIR, FIFO) (RSBAC identification not changed by rename!)| 
-| SEARCH ​              ​|Lookup in dir or symlink from inside kernel for access with full path, map name to id |DIR\\ SYMLINK\\ USER\\ GROUP| (internal functions lookup_dentry(DIR) / path_walk(DIR) / lookup_hash(DIR) / follow_symlink(SYMLINK))|+| SEARCH ​              ​|Lookup in dir or symlink from inside kernel for access with full path, map name to id |DIR\\ FILE\\ SYMLINK\\ FIFO\\ UNIXSOCK\\ DEV\\ NETOBJ\\ USER\\ GROUP| (internal functions lookup_dentry(DIR) / path_walk(DIR) / lookup_hash(DIR) / follow_symlink(SYMLINK))|
 | SEND_SIGNAL ​         |Send a signal ​                    ​|PROCESS|kill(PROC)| | SEND_SIGNAL ​         |Send a signal ​                    ​|PROCESS|kill(PROC)|
 | SHUTDOWN ​            ​|Shutdown/​reboot system ​           |NONE|reboot(NONE)| | SHUTDOWN ​            ​|Shutdown/​reboot system ​           |NONE|reboot(NONE)|
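Review bot: the CREATE row changes the syscall name `creat(DIR, IPC)*` to `create(DIR, IPC)*`; the Linux system call is creat(2), so the old spelling was correct and should be restored. The same row drops NETTEMP from the target column while `rsbac_net_temp(NETTEMP)` stays in the syscall column, and the READ row drops `NETOBJ(remote)` while `read(FILE, FIFO, DEV, IPC, NETOBJ)*` stays; either keep those targets or remove the now orphaned calls. Several rows gain targets with no matching entry in the syscall column (CHANGE_GROUP: FILE, DIR, FIFO, SYMLINK, UNIXSOCK, USER; RENAME: USER, GROUP; GET_PERMISSIONS_DATA: IPC, SCD, NETOBJ; MODIFY_PERMISSIONS_DATA: NONE), so a reader cannot tell which call raises the request for them; CHANGE_OWNER's new SYMLINK target is the exception, since lchown is already listed. READ also keeps "Optional: read from other" in its description after the "(optional: ...)" qualifier was removed from its target list, so the two columns now disagree. While these rows are being edited, the pre-existing markup slips `msgsnd(IPC)*\ sendto(IPC)*` (single backslash) in APPEND_OPEN and `shutdown(IPC)*. close(IPC)*` (a period where a line break belongs) in DELETE could be corrected to `\\`.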
Line 103: Line 106:
 | TRACE                |Trace a process ​                  ​|PROCESS|ptrace(PROC) (architecture dependent)| | TRACE                |Trace a process ​                  ​|PROCESS|ptrace(PROC) (architecture dependent)|
 | TRUNCATE ​            ​|Truncate ​                         |FILE|open(FILE)*\\ truncate(FILE)*\\ ftruncate(FILE)*\\ truncate64(FILE)*\\ ftruncate64(FILE)*| | TRUNCATE ​            ​|Truncate ​                         |FILE|open(FILE)*\\ truncate(FILE)*\\ ftruncate(FILE)*\\ truncate64(FILE)*\\ ftruncate64(FILE)*|
-| UMOUNT ​              ​|Umount a filesystem ​              |DIRDEV|umount(DIR,​ DEV) (separate umount notification for data structures)| +| UMOUNT ​              ​|Umount a filesystem ​              |FILE\\ ​DIR\\ DEV|umount(DIR,​ DEV) (separate umount notification for data structures)| 
-| WRITE                |Write to a DIR, SCD or NETTEMP. Object moving to target dir. Optional: write to file etc. | DIR\\ SCD\\ USER\\ GROUP (optional: FILE, FIFO, DEV, IPC-sock, NETOBJ(remote))| write(FILE, FIFO, IPC, DEV, NETTEMP)*\\ writev(FILE,​ FIFO, IPC, DEV)*\\ pwrite(FILE,​ IPC, DEV)*\\ rename(DIR)\\ rsbac_write(SCD)\\ rsbac_net_temp(NETTEMP)|+| WRITE                |Write to a DIR, SCD or NETTEMP. Object moving to target dir. Optional: write to file etc. | FILE\\ FIFO\\ DEV\\ UNIXSOCK\\ IPC\\ NETOBJ\\ ​DIR\\ SCD\\ USER\\ GROUP| write(FILE, FIFO, IPC, DEV, NETTEMP)*\\ writev(FILE,​ FIFO, IPC, DEV)*\\ pwrite(FILE,​ IPC, DEV)*\\ rename(DIR)\\ rsbac_write(SCD)\\ rsbac_net_temp(NETTEMP)|
 | WRITE_OPEN ​          |Open for write                    |FILE\\ FIFO\\ DEV\\ IPC|open(FILE,​ FIFO, DEV, IPC)*| ​ | WRITE_OPEN ​          |Open for write                    |FILE\\ FIFO\\ DEV\\ IPC|open(FILE,​ FIFO, DEV, IPC)*| ​
 | MAP_EXEC ​            |Map a library from a file (target FILE) or other code (target NONE) for execution.|FILE\\ NONE|mmap(FILE) (EXEC mode)\\ mprotect(FILE,​ NONE) (EXEC mode)\\ uselib(FILE)| | MAP_EXEC ​            |Map a library from a file (target FILE) or other code (target NONE) for execution.|FILE\\ NONE|mmap(FILE) (EXEC mode)\\ mprotect(FILE,​ NONE) (EXEC mode)\\ uselib(FILE)|
-| BIND                 |Bind network address and port (if applicable) to local socket, bind to network device|NETDEVNETOBJ(local)|dev_ioctl(NETDEV),​ bind()*| +| BIND                 |Bind network address and port (if applicable) to local socket, bind to network device|NETDEV\\ NETOBJ(local)|dev_ioctl(NETDEV),​ bind()*| 
-| LISTEN ​              ​|Listen on a local socket ​         |NETOBJ(local)|listen()*|+| LISTEN ​              ​|Listen on a local socket ​         |UNIXSOCK\\ IPC\\ NETOBJ(local)|listen()*|
 | ACCEPT ​              ​|Accept a connection from a remote network endpoint|NETOBJ(remote)|accept()*| | ACCEPT ​              ​|Accept a connection from a remote network endpoint|NETOBJ(remote)|accept()*|
-| CONNECT ​             |Connect to remote network endpoint|NETOBJ(remote)|connect()*| +| CONNECT ​             |Connect to remote network endpoint|UNIXSOCK\\ IPC\\ NETOBJ(remote)|connect()*| 
-| SEND                 |Fake tty input, send to remote network endpoint|DEV\\ NETOBJ(remote)|ioctl(DEV:​TIOCSTI)\\ send()*\\ sendmsg()*\\ sendto()*| +| SEND                 |Fake tty input, send to remote network endpoint|UNIXSOCK\\ IPC\\ DEV\\ NETOBJ(remote)|ioctl(DEV:​TIOCSTI)\\ send()*\\ sendmsg()*\\ sendto()*| 
-| RECEIVE ​             |Receive from remote network endpoint|NETOBJ (remote)|recv()*\\ recvmsg()*\\ recvfrom()*| +| RECEIVE ​             |Receive from remote network endpoint|UNIXSOCK\\ IPC\\ NETOBJ (remote)|recv()*\\ recvmsg()*\\ recvfrom()*| 
-| NET_SHUTDOWN ​        ​|Shutdown channel of local socket ​ |NETOBJ(local)|shutdown()| +| NET_SHUTDOWN ​        ​|Shutdown channel of local socket ​ |UNIXSOCK\\ IPC\\ NETOBJ(local)|shutdown()| 
-| IOCTL                |Sets various parameters to devices|DEVNETOBJ(local)|sys_ioctl()\\ sock_ioctl()| +| IOCTL                |Sets various parameters to devices|UNIXSOCK\\ IPC\\ DEV\\ NETOBJ(local)|sys_ioctl()\\ sock_ioctl()| 
-| LOCK                 |Lock filesystem objects ​          |FILEDIRFIFOSYMLINK|sys_fcntl(),​ sys_lock|+| LOCK                 |Lock filesystem objects ​          |FILE\\ DIR\\ FIFO\\ SYMLINK\\ UNIXSOCK\\ IPC|sys_fcntl(),​ sys_lock|
  
  
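Review bot: the WRITE row's target column omits NETTEMP in both revisions, although its description reads "Write to a DIR, SCD or NETTEMP" and its syscall column lists `write(FILE, FIFO, IPC, DEV, NETTEMP)*` and `rsbac_net_temp(NETTEMP)`; add NETTEMP to the targets. The same row removes the "(optional: ...)" qualifier from the target list but keeps "Optional: write to file etc." in the description, so the columns now contradict each other. WRITE_OPEN is left unchanged at FILE, FIFO, DEV, IPC while READ_OPEN, READ_WRITE_OPEN and APPEND_OPEN gain UNIXSOCK in this change, which looks like an omission rather than a deliberate difference. The delimiter repairs (DIRDEV, NETDEVNETOBJ(local), DEVNETOBJ(local) and FILEDIRFIFOSYMLINK rewritten as `\\`-separated lists) are correct.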
documentation/rsbac_handbook/appendixes/rsbac_reference/targets_and_requests.txt · Last modified: 2009/01/13 13:35 by 127.0.0.1