https://www.rsbac.org/ 2026-05-12T20:39:07+00:00 https://www.rsbac.org/ https://www.rsbac.org/lib/tpl/rsbac/images/favicon.ico text/html 2006-05-02T13:40:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/acronyms?rev=1146577225&do=diff Acronyms There are many, many different acronyms in projects such as RSBAC. This page lists the most important ones, directly or not directly related to RSBAC Note that you often have acronyms underlined in the website. By moving your mouse cursor over them, you can get a direct description. text/html 2007-02-19T15:14:44+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/benchmarks?rev=1171898084&do=diff Recent benchmarks * RSBAC 1.3.2rc2 (with FD cache) * RSBAC 1.2.3 Archives * 2.4.19-UP-RSBAC-v1.2.1-Celeron-333-256MB * 2.4.18-UP-RSBAC-v1.2.0-pre6-Celeron-333-256MB * 2.4.6-UP-RSBAC-v1.1.2-pre8-Celeron-333-256MB * 2.4.3-SMP-RSBAC-v1.1.1-PIII-866-1GB-Raid-5 * 2.2.18-UP-RSBAC-v1.1.0-P-100-64MB text/html 2006-05-02T13:40:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/coding_practices?rev=1146577225&do=diff First rule is: You should not write code for yourself. If you do, no one will be able to work on your project. Code should be clear and concise at all time. Functionality should not be duplicated. Comments should be sharp and precise when possible. text/html 2007-05-16T10:06:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/doxygen?rev=1179310009&do=diff Doxygen is a tool which can extract the code structure of our source files, for an easy visualisation. Looking for a function documentation ? Want to see all RSBAC functions ? It's all in there. * Doxygen documentation for 1.3.4 * Doxygen documentation for 1.2.6 * Doxygen documentation for 1.2.5 * Doxygen documentation for 1.2.4 * Doxygen text/html 2006-06-13T14:34:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/faq?rev=1150209274&do=diff _-TS RSBAC FAQ TE-_ Is there any support for permissions revocation in RSBAC? Permission revocation is sometimes considered as part of every MAC system. We do not implement support for revocation for a number of reasons. What we do is fine grained access control instead of revocation. For example, a file stays opened, but you cannot read or write any more. Also implementing revocation would be an very ugly thing and possibly would harm data consistency. text/html 2007-05-27T10:49:09+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/features?rev=1180262949&do=diff RSBAC Features This document list the features provided by RSBAC. In other words, this is what you get by running a RSBAC kernel. Currently non ordered, non complete list * Read-only mode (no attribute writing, for testing) * Transactions support (policy changes can be made atomically) text/html 2006-05-02T13:40:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/memory_allocation?rev=1146577225&do=diff Basics For different tasks it is necessary to allocate a chunk of memory. Especially in the Linux kernel, stack space is pretty tight, so you quite often cannot simply declare some large variable and hope it works out. The usual way to allocate kernel memory is using kmalloc/kfree for rather small amounts (allocated continuously as real memory) and vmalloc/vfree (virtual memory) for large sizes. Unfortunately, you have to find out yourself, which method is better. kmalloc will fail, if you try… text/html 2006-11-27T17:48:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/mod_rsbac?rev=1164649691&do=diff Apache RSBAC module General This is the RC logic and usage of the new Apache module mod_rsbac for virtual servers (also works with directories). The target is to have completely separated virtual domains (or directories) without the overhead of forking new processes and/or executing a helper program like text/html 2006-05-02T13:40:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/persistent_generic_lists?rev=1146577225&do=diff Basics Generic list management provides an infrastructure to simply define and register a list or a list of sublists, which can optionally be kept persistent or have a /proc/rsbac-info/backup entry. All management, like SMP locking, on-disk storage etc., is done internally without bothering the registering module. text/html 2009-01-12T11:49:59+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook?rev=1231760999&do=diff RSBAC Handbook * Preface * Recent Changes * Feedback * Conventions Used * Acknowledgements * Contacts * Development * Professional Support * Introduction to RSBAC * History * Feature List * Design Goals * Areas of Use * Compatibility * Architecture and Implementation * Subjects and Objects * Request Types * Framework Components * Access Control Enforcement Facility (AEF) * Access Control Decision Facility (ADF) * Data Structures C… text/html 2006-05-02T13:40:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm?rev=1146577225&do=diff RSBAC and LSM Introduction After weeks of reflecting and some discussions with other security developers and users, I have decided to throw Linux Security Modules (LSM) support out of the RSBAC code and return to the original hooks. RSBAC has been ported to 2.6.0-test5 (just updated to -test7) as the current 1.2.3-pre1. The port uses LSM hooks, where available and applicable, and RSBAC hooks otherwise. Certainly, I might have misunderstood some code and could have argued with the LSM project … text/html 2006-05-21T10:01:25+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/write_your_decision_module?rev=1148205685&do=diff Basics REG itself is not a decision module. It is an interface to register your own decision module, which can, but need not, be implemented as a Linux kernel module. It allows registration for all relevant calls to decision code as well as for maintenance calls to the data structure implementation. From 1.1.1-pre4 onwards, it also allows for registration of system call functions to the REG syscall dispatcher.