Revision as of 03:32, 9 August 2008
Content Specification (Draft-only)
SELinux Introduction
SELinux Basics
Someone suggested having a section that says: if you are not going to do anything else with SELinux, then at least do these 3-4 things...
Access Control
Describe the concepts of the following, using <http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/selg-overview.html> as a guide:
- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Multi-Level Security (MLS)
- Multi-Category Security (MCS)
- Type Enforcement (TE)
- Role Based Access Control (RBAC)
SELinux rules are not checked if DAC rules deny access.
Targeted Policy Overview
- Introduction to targeted policy: <http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/sec-sel-policy-targeted-oview.html>.
- Confined and unconfined processes. Explain unconfined.
- Users and roles: user_u, user_r, system_r, and so on.
When using targeted policy, domains run as the system_r
role. Type enforcement then separates each domain.
SELinux Contexts and Attributes