Access modes

  • an access mode is expressed as a combination of a security class and a fine-grained permission defined for that class

  • SELinux currently defines 30 kernel object classes:

    blk_file  capability  dir  fd  fifo_file  file  filesystem
    chr_file  ipc  key_socket  lnk_file  msg  msgq  netif
    netlink_socket  node  packet_socket  passwd  process
    rawip_socket  security  sem  shm  socket  sock_file  system
    tcp_socket  udp_socket  unix_dgram_socket  unix_stream_socket

  • For each class, SELinux defines a set of fine-grained permissions (each of which ordinarily corresponds to a syscall)
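Added example (not from the slides): a minimal parser for type-enforcement allow rules that shows an access vector as the (class, permission) pair the slide describes, and checks each permission against the class it belongs to. The policy text, the type names (user_t, bin_t, ...) and the per-class permission table are constructed for illustration, not copied from a real policy.

```python
import re
from typing import Dict, Set, Tuple

# Constructed subset of per-class permission vocabularies. A real policy
# ships the full lists; this table is only here so the parser can reject
# a permission that does not exist for the named class.
CLASS_PERMS = {
    "file": {"read", "write", "execute", "getattr", "open"},
    "dir": {"read", "search", "getattr", "add_name"},
    "tcp_socket": {"name_bind", "connect", "listen"},
}

# Constructed sample policy (illustrative type names, not a shipped policy).
SAMPLE_POLICY = """
allow user_t bin_t : file { read execute getattr };
allow user_t user_home_t : dir { search read getattr };
allow user_t user_home_t:file { read write open };
allow httpd_t http_port_t : tcp_socket name_bind;
"""

# allow <src> <tgt> : <class> { perm perm ... } ;   or a single bare perm
ALLOW_RE = re.compile(
    r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(?:\{\s*([\w\s]+?)\s*\}|(\w+))\s*;"
)

AllowSet = Dict[Tuple[str, str, str], Set[str]]

def parse_allow_rules(policy: str) -> AllowSet:
    """Map (source_type, target_type, class) -> set of granted permissions."""
    rules: AllowSet = {}
    for src, tgt, cls, perm_set, single_perm in ALLOW_RE.findall(policy):
        perms = set(perm_set.split()) if perm_set else {single_perm}
        if cls not in CLASS_PERMS:
            raise ValueError(f"unknown object class: {cls}")
        unknown = perms - CLASS_PERMS[cls]
        if unknown:  # a permission is only meaningful within its class
            raise ValueError(f"{sorted(unknown)} not defined for class {cls}")
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules

def access_allowed(rules: AllowSet, src: str, tgt: str, cls: str, perm: str) -> bool:
    """Decide one access vector: class and permission must both match,
    so 'read' granted on a dir says nothing about 'read' on a file."""
    return perm in rules.get((src, tgt, cls), set())

if __name__ == "__main__":
    rules = parse_allow_rules(SAMPLE_POLICY)
    print(access_allowed(rules, "user_t", "bin_t", "file", "execute"))       # True
    print(access_allowed(rules, "user_t", "bin_t", "file", "write"))         # False
    print(access_allowed(rules, "user_t", "user_home_t", "dir", "write"))    # False
```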