"RSBAC is an open source security extension for current Linux
kernels. It is based on the Generalized Framework for Access
Control (GFAC) by Abrams and LaPadula and provides a flexible
system of access control based on several modules."
"All security relevant system calls are extended by security
enforcement code. This code calls the central decision component,
which in turn calls all active decision modules and generates a
combined decision. This decision is then enforced by the system
"Decisions are based on the type of access (request type), the
access target and on the values of attributes attached to the
subject calling and to the target to be accessed. Additional
independent attributes can be used by individual modules, e.g. the
privacy module (PM). All attributes are stored in fully protected
directories, one on each mounted device. Thus changes to attributes
require special system calls provided."