SELinux [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

SELinux [Electronic resources] - نسخه متنی

Bill McCarty

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

SELinux

Table of Contents

Copyright

Preface

Organization of This Book

Conventions Used in This Book

Using Code Examples

How to Contact Us

Acknowledgments

Chapter 1. Introducing SELinux

1.1 Software Threats and the Internet

1.2 SELinux Features

1.3 Applications of SELinux

1.4 SELinux History

1.5 Web and FTP Sites

Chapter 2. Overview of the SELinux Security Model

2.1 Subjects and Objects

2.2 Security Contexts

2.3 Transient and Persistent Objects

2.4 Access Decisions

2.5 Transition Decisions

2.6 SELinux Architecture

Chapter 3. Installing and Initially Configuring SELinux

3.1 SELinux Versions

3.2 Installing SELinux

3.3 Linux Distributions Supporting SELinux

3.4 Installation Overview

3.5 Installing SELinux from Binary or Source Packages

3.6 Installing from Source

Chapter 4. Using and Administering SELinux

4.1 System Modes and SELinux Tuning

4.2 Controlling SELinux

4.3 Routine SELinux System Use and Administration

4.4 Monitoring SELinux

4.5 Troubleshooting SELinux

Chapter 5. SELinux Policy and Policy Language Overview

5.1 The SELinux Policy

5.2 Two Forms of an SELinux Policy

5.3 Anatomy of a Simple SELinux Policy Domain

5.4 SELinux Policy Structure

Chapter 6. Role-Based Access Control

6.1 The SELinux Role-Based Access Control Model

6.2 Railroad Diagrams

6.3 SELinux Policy Syntax

6.4 User Declarations

6.5 Role-Based Access Control Declarations

Chapter 7. Type Enforcement

7.1 The SELinux Type-Enforcement Model

7.2 Review of SELinux Policy Syntax

7.3 Type-Enforcement Declarations

7.4 Examining a Sample Policy

Chapter 8. Ancillary Policy Statements

8.1 Constraint Declarations

8.2 Other Context-Related Declarations

8.3 Flask-Related Declarations

Chapter 9. Customizing SELinux Policies

9.1 The SELinux Policy Source Tree

9.2 On the Topics of Difficulty and Discretion

9.3 Using the SELinux Makefile

9.4 Creating an SELinux User

9.5 Customizing Roles

9.6 Adding Permissions

9.7 Allowing a User Access to an Existing Domain

9.8 Creating a New Domain

9.9 Using Audit2allow

9.10 Policy Management Tools

9.11 The Road Ahead

Appendix A. Security Object Classes

Appendix B. SELinux Operations

Appendix C. SELinux Macros Defined in src/policy/macros

Appendix D. SELinux General Types

Appendix E. SELinux Type Attributes

Colophon

Index

index_SYMBOL

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X

index_Z
توضیحات
افزودن یادداشت جدید








8.1 Constraint Declarations


SELinux policy constraint declarations
superficially resemble the constraints implemented via
neverallow
rules. However, they support a richer
language for specifying constraints and, at the same time, have a
narrower purpose: constraint declarations restrict the
permissions that can
be granted by an access-vector rule.

Figures Figure 8-1 through Figure 8-5 show the statement syntax, which is relatively
complex. Fortunately, it's unusual for a system
administrator to need to modify the constraint declarations supplied
by a sample SELinux policy.


Figure 8-1. Constraint declaration


Figure 8-2. Syntax of cexpr


Figure 8-3. Syntax of cexpr_prim


Figure 8-4. Syntax of user_names


Figure 8-5. Syntax of cnames

Constraint declarations impose restrictions on
access-vector rules. Therefore,
constraint declarations and access-vector rules share some syntactic
elements. In particular, recall that access-vector rules involve two
security contexts: a source context and a target context. In
constraint declarations, you can refer to these contexts by using the
special tokens summarized in Table 8-1.


Table 8-1. Special tokens used in constraint declarations





Token




Description




u1


User given in source context


u2


User given in target context


r1


Role given in source context


r2


Role given in target context


t1


Type given in source context


t2


Type given in target context

Constraints declarations reside in the file
constraints. Only a
handful of constraints appear within the sample SELinux policies
distributed with SELinux. For instance, the Fedora Core 2
implementation defines two constraints that restrict the ability to
transition between user and role identities:

constrain process transition
( u1 == u2 
or (t1 == privuser and t2 == userdomain )
or (t1 == crond_t and t2 == user_crond_domain)
or (t1 == userhelper_t)
or (t1 == priv_system_role and u2 == system_u )
);
constrain process transition
( r1 == r2 
or ( t1 == privrole and t2 == userdomain )
or (t1 == crond_t and t2 == user_crond_domain)
or (t1 == userhelper_t)
or (t1 == priv_system_role and r2 == system_r )
);

The first constraint allows these identity
changes to occur only if one of the following circumstances exists:

The user identity is unchanged.

The source type has the privuser
attribute and the
target type has the userdomain
attribute.

The source type is crond_t
and the target type has
the attribute user_crond_domain
(only the domains
user_crond_t
and sysadm_crond_t

have this attribute).

The source type is userhelper_t
.

The source type has the priv_system_role
attribute
and the target user is system_u
.

The priv_system_role
attribute indicates domains
that change role from a user role to system_r
or
change identity from a user identity to system_u
.


The second constraint operates analogously but
constrains changes of role rather user identity. These constraints
are intended to allow only safe transitions between user identities
and roles. Hence, with only the few identified exceptions, only
privileged users can transition to new identities or roles.

The policy of Fedora Core 2 also defines two constraints that
restrict the ability to label
objects with a user
identity other than the current identity:

constrain { dir file lnk_file sock_file fifo_file chr_file blk_file } 
{ create relabelto relabelfrom }
( u1 == u2 or t1 == privowner );
constrain { tcp_socket udp_socket rawip_socket netlink_socket packet_socket 
unix_stream_socket unix_dgram_socket } 
{ create relabelto relabelfrom }
( u1 == u2 or t1 == privowner );

The first constraint restricts create
,
relabelto
, and relabelfrom

permissions over seven classes of file-like objects
(dir
, file
,
lnk_file
, sock_file
,
fifo_file
, chr_file
, and
blk_file
). The operations are permitted only if
they do not alter the user identity or the source type has the
attribute privowner
. The second constraint
operates similarly but restricts operations over seven classes of
network-related objects, rather than file-like objects.


Because constraints currently play a small role in typical SELinux
policies, you likely don't need to understand them
in complete detail. It's enough that you understand
their function, which is to prevent certain changes to security

contexts.


/ 100