SELinux [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

SELinux [Electronic resources] - نسخه متنی

Bill McCarty

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

SELinux

Table of Contents

Copyright

Preface

Organization of This Book

Conventions Used in This Book

Using Code Examples

How to Contact Us

Acknowledgments

Chapter 1. Introducing SELinux

1.1 Software Threats and the Internet

1.2 SELinux Features

1.3 Applications of SELinux

1.4 SELinux History

1.5 Web and FTP Sites

Chapter 2. Overview of the SELinux Security Model

2.1 Subjects and Objects

2.2 Security Contexts

2.3 Transient and Persistent Objects

2.4 Access Decisions

2.5 Transition Decisions

2.6 SELinux Architecture

Chapter 3. Installing and Initially Configuring SELinux

3.1 SELinux Versions

3.2 Installing SELinux

3.3 Linux Distributions Supporting SELinux

3.4 Installation Overview

3.5 Installing SELinux from Binary or Source Packages

3.6 Installing from Source

Chapter 4. Using and Administering SELinux

4.1 System Modes and SELinux Tuning

4.2 Controlling SELinux

4.3 Routine SELinux System Use and Administration

4.4 Monitoring SELinux

4.5 Troubleshooting SELinux

Chapter 5. SELinux Policy and Policy Language Overview

5.1 The SELinux Policy

5.2 Two Forms of an SELinux Policy

5.3 Anatomy of a Simple SELinux Policy Domain

5.4 SELinux Policy Structure

Chapter 6. Role-Based Access Control

6.1 The SELinux Role-Based Access Control Model

6.2 Railroad Diagrams

6.3 SELinux Policy Syntax

6.4 User Declarations

6.5 Role-Based Access Control Declarations

Chapter 7. Type Enforcement

7.1 The SELinux Type-Enforcement Model

7.2 Review of SELinux Policy Syntax

7.3 Type-Enforcement Declarations

7.4 Examining a Sample Policy

Chapter 8. Ancillary Policy Statements

8.1 Constraint Declarations

8.2 Other Context-Related Declarations

8.3 Flask-Related Declarations

Chapter 9. Customizing SELinux Policies

9.1 The SELinux Policy Source Tree

9.2 On the Topics of Difficulty and Discretion

9.3 Using the SELinux Makefile

9.4 Creating an SELinux User

9.5 Customizing Roles

9.6 Adding Permissions

9.7 Allowing a User Access to an Existing Domain

9.8 Creating a New Domain

9.9 Using Audit2allow

9.10 Policy Management Tools

9.11 The Road Ahead

Appendix A. Security Object Classes

Appendix B. SELinux Operations

Appendix C. SELinux Macros Defined in src/policy/macros

Appendix D. SELinux General Types

Appendix E. SELinux Type Attributes

Colophon

Index

index_SYMBOL

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X

index_Z
توضیحات
افزودن یادداشت جدید








2.5 Transition Decisions


Access decisions are one of the two basic
kinds of decisions made by the SELinux security server. Transition
decisionswhich are sometimes called
labeling decisionsare the second.

Since every object has a security context, newly created objects must
be labeled with some security context. A transition decision decides
what security context is chosen. Transition decisions come up in two
common contexts:

Process (subject) creation


The new process may run in the same
domain as its parent or in another authorized domain. If the process
runs in another domain, a domain
transition is said to have occurred.


File (object) creation


The new file (or file-like object, such as a directory) may be
labeled with the security context of the directory containing it or
with another authorized domain. If the file's
security context pertains to a domain other than that of the
directory that contains it, a file-type
transitionor, more simply, a
type
transitionis said to have occurred.




In SELinux, the terms domain and
type are synonymous. The term
domain is more often used in reference to
processes, while type is more often used in
reference to passive objects such as files.

Let's first consider
process
creation. Given permission, a running
processcalled
a parent processmay invoke the
exec
syscall, creating a new processcalled
a child processby executing a specified
program file. Generally, the child process runs in the same SELinux
domain as the parent process and receives the same SID and security
context. However, some programs are defined in the SELinux policy as
entry points to domains. When such a program is
executed, the child process is given a new security context having
another domain. The process is said to have
transitioned to a new domain.


Domain transitions occur only subject to policy restrictions. A
process cannot transition to a domain other than one for which it has
been authorized.

Processes can also transition to new domains by using the SELinux
application programming interface (API). Programs that need to make
special transitions (for example, the login and SSH daemons) have
been modified to use the special SELinux APIs that accomplish them.
In order that they not compromise system security, such programs
permit their programmed transitions only under carefully regulated
conditions.

Figure 2-5 illustrates process creation with and
without a domain transition. In the left half of the figure, a user
runs the vi editor in a domain named
vi_t
. When the user executes the
ls command from within vi,
both vi and the ls command
run in the vi_t
domain; no
transition occurs. In the right half of the figure, the Init process
is running in the initrc_t
domain. When
Init starts the SSH service daemon, a domain transition occurs, so
that the SSH service daemon runs in its own domain, the
sshd_t
domain.


Figure 2-5. Process creation and domain transition

Recall that access decisions are generally based on the domain of the
subject and object, along with the class of the object and the
requested action. When a process transitions to a new domain, its
permissions become those associated with the new domain. Thus, the
permissions of processes can be specified with high granularity and
flexibility.

Transition decisions related to file creation
work similarly. By default, a newly created file or file-like object
receives the security context of the directory that contains it.
However, an SELinux policy rule can specify that files created by a
process running in a particular domain are specially labeled. Figure 2-6 illustrates the default situation and a
situation influenced by a policy rule.


Figure 2-6. File creation and transition decisions

In the upper half of Figure 2-6, the
sort utility runs in the
sort_t
domain. The utility creates a temporary
file, /tmp/sorted_result, which receives the
same file type as that of its parent directory,
/tmp; namely, tmp_t
. This
demonstrates automatic inheritance of file type. In the lower half of
the figure, an SELinux policy rule causes explicit assignment of a
special file type. There, the /tmp/log.tmp file
created by the Syslog process receives the file type
syslog_tmp_t
rather than the
file type of its parent directory.


Just as the SELinux API can override process transition decisions, it
can override file creation transition decisions. But only specially
designed and modified programs actually do so.


/ 100