|
|
Access modes
- Expressed by a combination of security class and fine-grained permission
- SELinux currently defines 30 kernel object classes: blk_file, capability, dir, fd, fifo_file, file, filesystem, chr_file, ipc, key_socket, lnk_file, msg, msgq, netif, netlink_socket, node, packet_socket, passwd, process, rawip_socket, security, sem, shm, socket, sock_file, system, tcp_socket, udp_socket, unix_dgram_socket, unix_stream_socket
- Each class defines a set of fine-grained permissions (ordinarily represented as syscalls)
|
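An added example (not part of the original page) showing how the class and permission pair appears in practice: each AVC denial in the audit log names a `tclass` and a permission set, and grouping them per source type, target type and class gives the access modes a policy author would review. The log lines are constructed, and `access_modes` and `as_rules` are hypothetical helper names.

```python
import re
from collections import defaultdict

# The 30 kernel object classes listed on this page.
CLASSES = set("""blk_file capability dir fd fifo_file file filesystem chr_file
ipc key_socket lnk_file msg msgq netif netlink_socket node packet_socket passwd
process rawip_socket security sem shm socket sock_file system tcp_socket
udp_socket unix_dgram_socket unix_stream_socket""".split())

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\w+)")

def type_of(context):
    # A security context is user:role:type[:level]; rules are written on the type.
    return context.split(":")[2]

def access_modes(lines):
    """Map (source type, target type, class) -> set of denied permissions."""
    modes = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m or m["cls"] not in CLASSES:
            continue  # not an AVC denial, or a class outside the list above
        key = (type_of(m["s"]), type_of(m["t"]), m["cls"])
        modes[key].update(m["perms"].split())
    return dict(modes)

def as_rules(modes):
    """Render each access mode in policy syntax: allow src tgt:class { perms };"""
    return sorted("allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
                  for (s, t, c), p in modes.items())

# Constructed sample audit lines (not taken from a real system).
_SRC = "scontext=system_u:system_r:httpd_t:s0"
SAMPLE = [
    'type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=901 '
    'comm="httpd" name="app.log" ' + _SRC +
    ' tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1700000000.102:202): avc:  denied  { open getattr } for  pid=901 '
    'comm="httpd" name="app.log" ' + _SRC +
    ' tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1700000000.103:203): avc:  denied  { name_connect } for  pid=901 '
    'comm="httpd" dest=5432 ' + _SRC +
    ' tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0',
    'type=AVC msg=audit(1700000000.104:204): avc:  denied  { map_read } for  pid=77 '
    'comm="tool" ' + _SRC + ' tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=0',
    'type=SYSCALL msg=audit(1700000000.105:205): arch=c000003e syscall=2 success=no',
]

if __name__ == "__main__":
    print("\n".join(as_rules(access_modes(SAMPLE))))
```

The rendered rules are a summary for review of what was denied, not a policy to load as-is.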