Content Specification
Security-Enhanced Linux Preface
On Linux operating systems, everything is represented as a file. For example, a hard disk can be represented as the /dev/hda
file, and processes, such as Mozilla Firefox, are represented as files in the proc file system (/proc
). These files are called objects. Linux operating systems use a Discretionary Access Control (DAC) system, that defines access to these objects. Users have access to change permissions for files and directories that they own. They could, for example, make their home directory world-readable, potentially allowing access to privileged information from other users, or giving processes, such as a Web server, access to serve these files.
Security-Enhanced Linux (SELinux) provides a Mandatory Access Control (MAC) system for Linux operating systems. MAC restricts the control users have over the files and directories that they create. SELinux allows files, and therefore everything on a Linux system, to be labeled. [talk about classes and permissions]
What SELinux Can Do
With SELinux, processes (subjects), such as the Apache HTTP server, run in a restricted domain. Files (objects) are labeled with a type. This type is used by Type Enforcement, which is used by MAC. SELinux policy defines the interaction subjects have with objects. This means that if the Apache HTTP server is compromised, the attacker only has access to files labeled with the correct type.
SELinux offers:
- Type Enforcement (TE): files are labeled with a type. Access is only granted if it is specifically defined - the default action is to deny access. This prevents processes (subjects), such as Samba and FTP, from accessing files they should not have access to, for example, files in user home directories.