tailieunhanh - Ebook SELinux open source security enhanced linux: Part 2

Following Part 1 of the ebook SELinux open source security enhanced linux, Part 2 continues with related topics such as type enforcement, ancillary policy statements, and customizing SELinux policies.

Chapter 7. Type Enforcement

The preceding chapter explained role-based access control in SELinux. Role-based access control is a secondary access control model that supplements the primary SELinux access control model, type enforcement. This chapter explains the syntax and meaning of SELinux policy declarations related to type enforcement. The chapter concludes with an analysis of a small but typical domain policy, the Fedora Core 2 policy for the ping domain, which resides in the file .

The SELinux Type-Enforcement Model

As explained in Chapter 2, the SELinux type-enforcement model associates each process with a domain and each nonprocess object with a type. [1] Permissions define the operations that can be performed upon objects. Thus, you can think of a domain as a set of related processes that share the same permissions. For instance, the Apache web server process runs within the httpd_t domain and therefore possesses the permissions associated with that domain. The SELinux policy grants permissions to domains and specifies rules for transitioning between domains.

[1] Recall that in the context of SELinux, the words domain and type are synonymous; however, it's customary to use domain in reference to processes and type in reference to nonprocess objects.

Permissions are encoded as access vectors, which specify the operations that a domain is authorized to perform on objects of a given type, such as files. Thus, you can think of an object's type as implicitly referring to the set of rules (that is, the access vector) that specify the permissible operations on the object. For instance, access vector rules enable processes within the httpd_t domain to write to the
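An added example, not taken from the book: a simplified Python model of the access vectors described above, in which each (domain, type, object class) triple maps to a permission set and anything not granted is denied. Only httpd_t appears in the text; the target types, the permissions, and the function names are assumptions, and the parser handles only plain allow rules.

```python
import re
from collections import defaultdict

# Constructed sample rules in SELinux policy syntax. Only httpd_t comes from
# the text; the target types and permissions are assumptions for illustration.
SAMPLE_POLICY = """
# the web server may create and append to its logs, nothing more
allow httpd_t httpd_log_t:file { create append getattr };
allow httpd_t httpd_log_t:dir { search add_name };
allow httpd_t httpd_content_t:file read;
"""

# allow <domain> <type>:<class> <perm>;   or   ... { <perm> <perm> ... };
RULE = re.compile(
    r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def load_access_vectors(policy_text):
    """Map (domain, type, class) -> set of permissions granted by allow rules."""
    avs = defaultdict(set)
    for line in policy_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = RULE.fullmatch(line)
        if m is None:
            raise ValueError(f"unsupported statement: {line!r}")
        domain, obj_type, obj_class, perm_set, single = m.groups()
        perms = perm_set.split() if perm_set is not None else [single]
        avs[(domain, obj_type, obj_class)].update(perms)  # rules accumulate
    return dict(avs)

def is_allowed(avs, domain, obj_type, obj_class, perm):
    """Type enforcement is default-deny: no matching vector means no access."""
    return perm in avs.get((domain, obj_type, obj_class), set())

def audit(avs, requests):
    """Return the requests that would be denied under the loaded vectors."""
    return [r for r in requests if not is_allowed(avs, *r)]

if __name__ == "__main__":
    avs = load_access_vectors(SAMPLE_POLICY)
    for req in [("httpd_t", "httpd_log_t", "file", "append"),
                ("httpd_t", "httpd_log_t", "file", "unlink"),
                ("httpd_t", "shadow_t", "file", "read")]:
        print(req, "allowed" if is_allowed(avs, *req) else "denied")
```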
