NB RBAC - Revision history http://selinuxproject.org/w/?title=NB_RBAC&action=history Revision history for this page on the wiki en MediaWiki 1.10.4 Sun, 19 May 2013 01:18:06 GMT Jaxelson at 20:49, 13 September 2010 http://selinuxproject.org/w/?title=NB_RBAC&diff=1036&oldid=prev <p></p> <table border='0' width='98%' cellpadding='0' cellspacing='4' style="background-color: white;"> <tr> <td colspan='2' width='50%' align='center' style="background-color: white;">←Older revision</td> <td colspan='2' width='50%' align='center' style="background-color: white;">Revision as of 20:49, 13 September 2010</td> </tr> <tr><td colspan="2" align="left"><strong>Line 13:</strong></td> <td colspan="2" align="left"><strong>Line 13:</strong></td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;">----</td><td> </td><td style="background: #eee; font-size: smaller;">----</td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;">&lt;references/&gt;</td><td> </td><td style="background: #eee; font-size: smaller;">&lt;references/&gt;</td></tr> <tr><td colspan="2">&nbsp;</td><td>+</td><td style="background: #cfc; font-size: smaller;"></td></tr> <tr><td colspan="2">&nbsp;</td><td>+</td><td style="background: #cfc; font-size: smaller;">[[Category:Notebook]]</td></tr> </table> Mon, 13 Sep 2010 20:49:12 GMT Jaxelson http://selinuxproject.org/page/Talk:NB_RBAC RichardHaines: New page: = Role-Based Access Control (RBAC) = To further control access to TE domains SELinux makes use of role-based access control (RBAC). This feature allows SELinux users to be associated to on... http://selinuxproject.org/w/?title=NB_RBAC&diff=934&oldid=prev <p>New page: = Role-Based Access Control (RBAC) = To further control access to TE domains SELinux makes use of role-based access control (RBAC). This feature allows SELinux users to be associated to on...</p> <p><b>New page</b></p><div>= Role-Based Access Control (RBAC) =<br /> To further control access to TE domains SELinux makes use of role-based access control (RBAC). This feature allows SELinux users to be associated to one or more roles, where each role is then associated to one or more domain types as shown in the [http://taiga.selinuxproject.org/~rhaines/diagrams/4-RBAC.png Role Based Access Control] diagram. Note that GNU / Linux users are not a direct part of the RBAC feature, they are associated to SELinux users via SELinux specific commands&lt;ref name=&quot;ftn6&quot;&gt;&lt;sup&gt;There are other SELinux utilities that can manage users etc., however this Notebook will only use the core utilities.&lt;/sup&gt;&lt;/ref&gt; such as:<br /> <br /> * '''semanage login'''- That manages the association of GNU / Linux users (or groups of users) to SELinux users.<br /> <br /> * '''semanage user''' - That manages the association of SELinux users to roles. <br /> <br /> The [http://taiga.selinuxproject.org/~rhaines/diagrams/4-RBAC.png Role Based Access Control] diagram shows how the SELinux user and roles are associated within the basic loadable modules that form the simple message filter exercise described in Volume 2.<br /> <br /> SELinux users can be equated to groups or classes of user, for example in the Reference Policy there is &lt;tt&gt;user_u&lt;/tt&gt; for general users with &lt;tt&gt;staff_u&lt;/tt&gt; and &lt;tt&gt;sysadm_u&lt;/tt&gt; for more specialised users. There is also a &lt;tt&gt;system_u&lt;/tt&gt; defined that must never be associated to a GNU / Linux user as it a special identity for system processes and objects.<br /> <br /> <br /> ----<br /> &lt;references/&gt;</div> Sun, 16 May 2010 13:56:09 GMT RichardHaines http://selinuxproject.org/page/Talk:NB_RBAC