Linux Security Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 3: Line 3:


=Privileged Mode=
=Privileged Mode=
A process that runs in privileged mode has full access to the kernel. A container that runs in privileged mode has full access to the container runtime host's kernel.


==Privileged Process==
==Privileged Process==

Revision as of 00:22, 2 March 2021

Internal

Privileged Mode

A process that runs in privileged mode has full access to the kernel. A container that runs in privileged mode has full access to the container runtime host's kernel.

Privileged Process

Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: privileged processes and unprivileged processes. A privileged process is a process with its effective user ID is 0, referred to as superuser or root. Privileged processes bypass all kernel permission checks.

TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Privileged_Container

Privileged Container

Unprivileged Process

An unprivileged process is a process with a non-zero its effective user ID. Unprivileged processes are subject to full permission checking based on the process' credentials: effective UID, effective GID and supplementary group list.

Unprivileged Container

Discretionary Access Control

https://wiki.archlinux.org/index.php/users_and_groups

Effective User ID

Effective Group ID

Supplementary Group List

Linux Capabilities

Linux Capabilities