SELinux Concepts: Difference between revisions

From NovaOrdis Knowledge Base
External: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/chap-Security-Enhanced_Linux-SELinux_Contexts.html
Revision as of 22:50, 8 January 2016

Internal

Context

Processes and files are associated with an SELinux context that contains the SELinux user, role, type, and optionally a level. When running SELinux, this information is used to make access control decisions.

Policy

The SELinux Policy is the set of rules that tells the SELinux security engine what to do. A policy defines types for file objects and domains for processes. It uses roles to limit the domains that can be entered, and has user identities to specify the roles that can be attained.

Type and Domain

Types and domains are the same kind of policy identifier; the only difference is what they label. A type labels an object (such as a file or socket), while a domain is the type assigned to a process.
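The context and type/domain sections above describe the `user:role:type[:level]` layout of a label and the distinction between object types and process domains. The following Python is an added example, not code from the wiki page: it parses constructed `ls -Z` and `ps -eZ` style lines (sample values are made up, not captured from a real host), keeps the optional MLS/MCS level intact even when it contains further colons, and reports the domain each process runs in.

```python
"""Parse SELinux security contexts from constructed ls -Z / ps -eZ output.

Added example (not from the wiki page). The sample lines below are
constructed; real output varies by distribution and policy.
"""
from typing import Optional


def parse_context(ctx: str) -> dict:
    """Split user:role:type[:level] into its fields.

    The level (MLS/MCS range) may itself contain ':' (e.g. s0-s0:c0.c1023),
    so split on at most three ':' and keep the remainder as the level.
    """
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    user, role, typ = parts[:3]
    level: Optional[str] = parts[3] if len(parts) == 4 else None
    return {"user": user, "role": role, "type": typ, "level": level}


# Constructed sample output (not captured from a real host).
LS_Z = """\
system_u:object_r:httpd_sys_content_t:s0 index.html
unconfined_u:object_r:user_home_t:s0 notes.txt
"""
PS_EZ = """\
system_u:system_r:httpd_t:s0 1234 ? 00:00:01 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5678 pts/0 00:00:00 bash
"""


def labels(output: str) -> list:
    """Return (name, context) pairs; the context is the first token of each line."""
    out = []
    for line in output.splitlines():
        if not line.strip():
            continue
        ctx, rest = line.split(None, 1)
        out.append((rest.split()[-1], parse_context(ctx)))
    return out


def domain_of(process_output: str) -> dict:
    """Map each process name to its domain (the type field of a process context)."""
    return {name: ctx["type"] for name, ctx in labels(process_output)}
```

Running `domain_of(PS_EZ)` yields `{"httpd": "httpd_t", "bash": "unconfined_t"}`, showing that the same field that is a type on a file (`httpd_sys_content_t`) is the domain of a process (`httpd_t`).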