http://selinuxproject.org/w/?title=TypeEnforcement&limit=500&action=history&feed=atom TypeEnforcement - Revision history 2024-03-28T13:20:06Z Revision history for this page on the wiki MediaWiki 1.23.13 http://selinuxproject.org/w/?title=TypeEnforcement&diff=1019&oldid=prev Jaxelson at 20:25, 31 August 2010 2010-08-31T20:25:29Z <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:25, 31 August 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">''See Also: [[NB TE|Type Enforcement (Notebook)]]''</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Type enforcement is the primary access control mechanism in SELinux.&#160; For an access to succeed, it must be allowed by type enforcement rules, at a minimum.&#160; 
The other mechanisms, such as roles, are used to constrain what access is allowed.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Type enforcement is the primary access control mechanism in SELinux.&#160; For an access to succeed, it must be allowed by type enforcement rules, at a minimum.&#160; The other mechanisms, such as roles, are used to constrain what access is allowed.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> </table> Jaxelson http://selinuxproject.org/w/?title=TypeEnforcement&diff=790&oldid=prev ChrisPeBenito: New page: Type enforcement is the primary access control mechanism in SELinux. For an access to succeed, it must be allowed by type enforcement rules, at a minimum. The other mechanisms, such as r... 2009-11-04T16:02:59Z <p>New page: Type enforcement is the primary access control mechanism in SELinux. For an access to succeed, it must be allowed by type enforcement rules, at a minimum. The other mechanisms, such as r...</p> <p><b>New page</b></p><div>Type enforcement is the primary access control mechanism in SELinux. For an access to succeed, it must be allowed by type enforcement rules, at a minimum. 
The other mechanisms, such as roles, are used to constrain what access is allowed.<br /> <br /> Type enforcement is an access control system which decides whether an access is allowed based on the type of the source of the access and the type of the target of the access. The source and target are also referred to as the subject and object. The subject is an active entity (a process) performing an access. An object, such as a file, directory, or another process, is an entity being accessed. For example, when vim opens a file to be edited, the subject is the vim process and the object is the file.<br /> <br /> As discussed in [[BasicConcepts]], a type is a security attribute. Types are equivalence classes, meaning all subjects and objects in the system which have the same security attributes should have the same type. For example, all shared libraries on the system have the same type, ''lib_t'', since they are all equivalent in terms of security.<br /> <br /> The SELinux security policy contains the type enforcement rules which describe the accesses that are allowed. The SELinux policy is flexible, unlike other systems which have a fixed policy, such as Bell-LaPadula/Multi-Level Security systems. Many security goals can be encoded into the policy, such as integrity and separation. The current Reference Policy primarily protects the integrity of the system, but secondarily provides role separation. The complexity of SELinux policy is not inherent to SELinux or type enforcement, but rather due to Linux being a complex, general-purpose operating system.</div> ChrisPeBenito