SELinux [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

SELinux [Electronic resources] - نسخه متنی

Bill McCarty

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

SELinux

Table of Contents

Copyright

Preface

Organization of This Book

Conventions Used in This Book

Using Code Examples

How to Contact Us

Acknowledgments

Chapter 1. Introducing SELinux

1.1 Software Threats and the Internet

1.2 SELinux Features

1.3 Applications of SELinux

1.4 SELinux History

1.5 Web and FTP Sites

Chapter 2. Overview of the SELinux Security Model

2.1 Subjects and Objects

2.2 Security Contexts

2.3 Transient and Persistent Objects

2.4 Access Decisions

2.5 Transition Decisions

2.6 SELinux Architecture

Chapter 3. Installing and Initially Configuring SELinux

3.1 SELinux Versions

3.2 Installing SELinux

3.3 Linux Distributions Supporting SELinux

3.4 Installation Overview

3.5 Installing SELinux from Binary or Source Packages

3.6 Installing from Source

Chapter 4. Using and Administering SELinux

4.1 System Modes and SELinux Tuning

4.2 Controlling SELinux

4.3 Routine SELinux System Use and Administration

4.4 Monitoring SELinux

4.5 Troubleshooting SELinux

Chapter 5. SELinux Policy and Policy Language Overview

5.1 The SELinux Policy

5.2 Two Forms of an SELinux Policy

5.3 Anatomy of a Simple SELinux Policy Domain

5.4 SELinux Policy Structure

Chapter 6. Role-Based Access Control

6.1 The SELinux Role-Based Access Control Model

6.2 Railroad Diagrams

6.3 SELinux Policy Syntax

6.4 User Declarations

6.5 Role-Based Access Control Declarations

Chapter 7. Type Enforcement

7.1 The SELinux Type-Enforcement Model

7.2 Review of SELinux Policy Syntax

7.3 Type-Enforcement Declarations

7.4 Examining a Sample Policy

Chapter 8. Ancillary Policy Statements

8.1 Constraint Declarations

8.2 Other Context-Related Declarations

8.3 Flask-Related Declarations

Chapter 9. Customizing SELinux Policies

9.1 The SELinux Policy Source Tree

9.2 On the Topics of Difficulty and Discretion

9.3 Using the SELinux Makefile

9.4 Creating an SELinux User

9.5 Customizing Roles

9.6 Adding Permissions

9.7 Allowing a User Access to an Existing Domain

9.8 Creating a New Domain

9.9 Using Audit2allow

9.10 Policy Management Tools

9.11 The Road Ahead

Appendix A. Security Object Classes

Appendix B. SELinux Operations

Appendix C. SELinux Macros Defined in src/policy/macros

Appendix D. SELinux General Types

Appendix E. SELinux Type Attributes

Colophon

Index

index_SYMBOL

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X

index_Z
توضیحات
افزودن یادداشت جدید








3.2 Installing SELinux


SELinux can
be installed in three fundamental ways:

As an integral component of a Linux distribution, installed at the
same time as the distribution

By using binary or source packages, such as the
.deb packages used by Debian GNU/Linux; the
ebuilds used by Gentoo Linux; or the RPM packages used by Fedora
Core, Red Hat Enterprise Linux, and SUSE Linux

By downloading, compiling, and installing the sources provided by the
NSA


At the time of writing, only Fedora Core and Gentoo contain SELinux
as a fully supported, native facility. So unless you choose one of
those distributions, you must install SELinux yourself. If you
install SELinux yourself, it's generally much more
convenient to do so using packages. However, prebuilt packages are
not available for every Linux distribution. Those who are unable or
unwilling to use a distribution for which packages are available must
compile the sources provided by the NSA. In many cases, the sources
must be modified in order to work properly with the distinctive
characteristics of a specific Linux distribution.

The following sections explain how to install and initially configure
SELinux for several popular Linux distributions. The final section of
this chapter explains how to install SELinux using the source code
provided by the NSA.


Using X with SELinux


Coaxing SELinux into working with
X has proven to be somewhat difficult.
Recent releases of SELinux perform much better in this regard than
older releases. But they still fall short of perfection.
It's common for SELinux users to find that the login
screen doesn't appear or that they
can't log in.

The KDE Desktop has so far proven more
resistant to interoperation with SELinux than its rival desktop,
GNOME. The central problem is that
various KDE programs run as identically named processes. Thus,
SELinux cannot assign these KDE processes to distinct domains. One
result of this inability is that KDE's temporary
files sometimes cannot be labeled with appropriate domains. Thus,
with respect to KDE, SELinux policies tend either to be too
restrictive or too lax. We can hope that a future release of KDE or
SELinux will somehow address this problem. In the meantime, for those
using SELinux, GNOME is generally a better desktop choice than KDE.

If you find yourself unable to log into X, try returning to a
text-mode console by pressing Ctrl-Alt-F1. Then log in and reboot the
system in non-SELinux mode, as explained in Chapter 4.


/ 100