RSBAC README for the REG facility.
----------------------------------

If enabled in the kernel configuration, RSBAC REG allows the registration
and unregistration of additional decision modules at runtime, usually from
a kernel module.

These modules register with a name and a chosen magic handle, which can be
used for switching on/off and for unregistration.

By registration, a request (the decision itself), a set_attr (called after 
successful syscall completion) and a need_overwrite (called to determine,
whether a file needs to be securely deleted/truncated) function can be
installed.

Apart from these decision functions some support routines can be registered.
Currently these are write (signal asynchronous attribute writing to disk,
called regularly by rsbacd), mount and umount (a device has been (u)mounted).

However, each of these function pointers can be set to NULL, if
no call of this type is wanted.

All functions are *additional* to the existing functions from builtin
modules, e.g. MAC or RC. This way, they can only further restrict access,
but not grant anything denied by other models.

For examples of builtin real decision modules and their functions see
subdirs below rsbac/adf/.

A working example module with simple call counters and a proc pseudo file
for counter display can be found in the reg_sample/ directory.

29/May/99
Amon Ott (ao@compuniverse.com)
