SELinux [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

SELinux [Electronic resources] - نسخه متنی

Bill McCarty

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

SELinux

Table of Contents

Copyright

Preface

Organization of This Book

Conventions Used in This Book

Using Code Examples

How to Contact Us

Acknowledgments

Chapter 1. Introducing SELinux

1.1 Software Threats and the Internet

1.2 SELinux Features

1.3 Applications of SELinux

1.4 SELinux History

1.5 Web and FTP Sites

Chapter 2. Overview of the SELinux Security Model

2.1 Subjects and Objects

2.2 Security Contexts

2.3 Transient and Persistent Objects

2.4 Access Decisions

2.5 Transition Decisions

2.6 SELinux Architecture

Chapter 3. Installing and Initially Configuring SELinux

3.1 SELinux Versions

3.2 Installing SELinux

3.3 Linux Distributions Supporting SELinux

3.4 Installation Overview

3.5 Installing SELinux from Binary or Source Packages

3.6 Installing from Source

Chapter 4. Using and Administering SELinux

4.1 System Modes and SELinux Tuning

4.2 Controlling SELinux

4.3 Routine SELinux System Use and Administration

4.4 Monitoring SELinux

4.5 Troubleshooting SELinux

Chapter 5. SELinux Policy and Policy Language Overview

5.1 The SELinux Policy

5.2 Two Forms of an SELinux Policy

5.3 Anatomy of a Simple SELinux Policy Domain

5.4 SELinux Policy Structure

Chapter 6. Role-Based Access Control

6.1 The SELinux Role-Based Access Control Model

6.2 Railroad Diagrams

6.3 SELinux Policy Syntax

6.4 User Declarations

6.5 Role-Based Access Control Declarations

Chapter 7. Type Enforcement

7.1 The SELinux Type-Enforcement Model

7.2 Review of SELinux Policy Syntax

7.3 Type-Enforcement Declarations

7.4 Examining a Sample Policy

Chapter 8. Ancillary Policy Statements

8.1 Constraint Declarations

8.2 Other Context-Related Declarations

8.3 Flask-Related Declarations

Chapter 9. Customizing SELinux Policies

9.1 The SELinux Policy Source Tree

9.2 On the Topics of Difficulty and Discretion

9.3 Using the SELinux Makefile

9.4 Creating an SELinux User

9.5 Customizing Roles

9.6 Adding Permissions

9.7 Allowing a User Access to an Existing Domain

9.8 Creating a New Domain

9.9 Using Audit2allow

9.10 Policy Management Tools

9.11 The Road Ahead

Appendix A. Security Object Classes

Appendix B. SELinux Operations

Appendix C. SELinux Macros Defined in src/policy/macros

Appendix D. SELinux General Types

Appendix E. SELinux Type Attributes

Colophon

Index

index_SYMBOL

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X

index_Z
توضیحات
افزودن یادداشت جدید








2.3 Transient and Persistent Objects


Two kinds of
objects
exist within a Linux system: transient objects and persistent
objects. A transient object has a quite limited
lifetime, often existing merely as a data structure within kernel
space. A process is the most common kind of transient object. SELinux
can directly associate an SID with a transient object by keeping a
memory-resident table that maps transient object identities to SIDs
and thence to security contexts.

In contrast to transient objects,
a
persistent object has an indefinite lifetime.
The most common persistent objects are files and directories. Because
persistent objects, once created, generally exist until
they're destroyed, a persistent object may exist
across several system startups. Thus, a memory-resident table
can't be used to associate persistent objects with
their SIDs, because the contents of
memory-resident tables are lost at system
startup. Therefore, associating a persistent object with its security
context is somewhat complicated.

In general, persistent objects are associated with Linux filesystems,
which can be used to store their security contexts. Several Linux
filesystem types, including the standard ext2
and
ext3
filesystem types, provide an extended
attribute feature that can be enabled during compilation of a Linux
kernel. SELinux uses the extended attribute to store
persistent security
identifiers (PSIDs) on the filesystem. SELinux uses
memory-resident tables to map PSIDs to SIDs, and thence to security


contexts.


An important operation performed when initially installing SELinux
involves creating the PSIDs for persistent objects, a process known
as file labeling, or merely
labeling. A special utility named
setfiles is used to perform the labeling, which
is guided by a database called the file context.
The file context identifies the initial security context that should
be associated with specific files, and a default context that should
be associated with files not explicitly identified in the file
context. Once file labeling is complete, the file context is not
needed except under extraordinary circumstances, such as recovery
from filesystem damage.


/ 100