http://selinuxproject.org/w/?title=NB_Subjects&action=history&feed=atomNB Subjects - Revision history2013-05-20T11:48:02ZRevision history for this page on the wikiMediaWiki 1.10.4http://selinuxproject.org/w/?title=NB_Subjects&diff=1039&oldid=prevJaxelson at 21:05, 13 September 20102010-09-13T21:05:17Z<p></p>
<table border='0' width='98%' cellpadding='0' cellspacing='4' style="background-color: white;">
<tr>
<td colspan='2' width='50%' align='center' style="background-color: white;">←Older revision</td>
<td colspan='2' width='50%' align='center' style="background-color: white;">Revision as of 21:05, 13 September 2010</td>
</tr>
<tr><td colspan="2" align="left"><strong>Line 18:</strong></td>
<td colspan="2" align="left"><strong>Line 18:</strong></td></tr>
<tr><td> </td><td style="background: #eee; font-size: smaller;">----</td><td> </td><td style="background: #eee; font-size: smaller;">----</td></tr>
<tr><td> </td><td style="background: #eee; font-size: smaller;"><references/></td><td> </td><td style="background: #eee; font-size: smaller;"><references/></td></tr>
<tr><td colspan="2"> </td><td>+</td><td style="background: #cfc; font-size: smaller;"></td></tr>
<tr><td colspan="2"> </td><td>+</td><td style="background: #cfc; font-size: smaller;">[[Category:Notebook]]</td></tr>
</table>Jaxelsonhttp://selinuxproject.org/w/?title=NB_Subjects&diff=936&oldid=prevRichardHaines: New page: = Subjects = A subject is an active entity generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. Within SELinux...2010-05-16T14:02:35Z<p>New page: = Subjects = A subject is an active entity generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. Within SELinux...</p>
<p><b>New page</b></p><div>= Subjects =<br />
A subject is an active entity generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. <br />
<br />
Within SELinux a subject is generally an active process and has a security context associated with it, however a process can also be referred to as an object depending on the context in which it is being taken, for example:<br />
<br />
# A running process (i.e. an active entity) is a subject because it causes information to flow among objects or can change the system state.<br />
# The process can also be referred to as an object because each process has an associated object class<ref name="ftn8"><sup>The object class and its associated permissions are explained in the [[ObjectClassesPerms | Process Object Class]] section.</sup></ref> called "process". This process "object", defines what permissions the policy is allowed to grant or deny on the active process. <br />
<br />
An example is given of the above scenarios in the [[NB_Objects#Allowing a Process Access to Resources | Allowing a Process Access to Resources]] section.<br />
<br />
In SELinux subjects can be:<br />
<br />
'''Trusted''' - Generally these are commands, applications etc. that have been written or modified to support specific SELinux functionality to enforce the security policy (e.g. the kernel, init, pam, xinetd and login). However, it can also cover any application that the organisation is willing to trust as a part of the overall system. Although (depending on your paranoia level), the best policy is to trust nothing until it has been verified that it conforms to the security policy. Generally these trusted applications would run in either their own domain (e.g. the audit daemon could run under <tt>auditd_t</tt>) or grouped together (e.g. the semanage and semodule commands could be grouped under <tt>semanage_t</tt>).<br />
<br />
'''Untrusted''' - Everything else.<br />
<br />
<br />
----<br />
<references/></div>RichardHaines