Constraints

  • specify additional constraints on permissions in the form of boolean expressions that must be satisfied in order for the specified permissions to be granted

  • boolean expressions can be based on the user identity, role or type attributes

    constrain process transition ( u1 == u2 or t1 == privuser );
    constrain process transition ( r1 == r2 or t1 == privrole );
    constrain dir_file_class_set { create relabelto relabelfrom } ( u1 == u2 or t1 == privowner );
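
The sketch below is an added example, not part of the original notes or of any SELinux tooling. It models how the three constraints above are evaluated against a source context (u1, r1, t1) and a target context (u2, r2, t2). The type names, the attribute memberships and the expansion of dir_file_class_set are constructed assumptions.

```python
from collections import namedtuple

# A security context: user, role, type.
Context = namedtuple("Context", "user role type")

# Constructed sample data: which types carry each attribute (assumption).
ATTRIBUTES = {
    "privuser": {"sshd_t", "login_t"},
    "privrole": {"sshd_t", "login_t", "newrole_t"},
    "privowner": {"passwd_t"},
}

# Assumed expansion of the dir_file_class_set macro.
DIR_FILE_CLASSES = {"dir", "file", "lnk_file", "sock_file",
                    "fifo_file", "chr_file", "blk_file"}

def has_attr(type_name, attr):
    """t1 == attr holds when the type is a member of that attribute."""
    return type_name in ATTRIBUTES.get(attr, set())

# (classes, permissions, expression over source s and target t)
CONSTRAINTS = [
    ({"process"}, {"transition"},
     lambda s, t: s.user == t.user or has_attr(s.type, "privuser")),
    ({"process"}, {"transition"},
     lambda s, t: s.role == t.role or has_attr(s.type, "privrole")),
    (DIR_FILE_CLASSES, {"create", "relabelto", "relabelfrom"},
     lambda s, t: s.user == t.user or has_attr(s.type, "privowner")),
]

def violated(source, target, tclass, perm):
    """Indexes of the constraints that deny (tclass, perm) for this pair."""
    return [i for i, (classes, perms, expr) in enumerate(CONSTRAINTS)
            if tclass in classes and perm in perms
            and not expr(source, target)]

def granted(te_allows, source, target, tclass, perm):
    """Constraints only restrict: the type-enforcement rule must allow the
    permission AND every matching constraint must evaluate to true."""
    return te_allows and not violated(source, target, tclass, perm)

if __name__ == "__main__":
    user = Context("user_u", "user_r", "user_t")
    admin = Context("root", "sysadm_r", "sysadm_t")
    sshd = Context("system_u", "system_r", "sshd_t")
    print(violated(user, admin, "process", "transition"))  # both fail
    print(violated(sshd, user, "process", "transition"))   # privileged
```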