Role-based access control in SELinux

Source: IBM Developer Works - Posted by Ryan Berens

Serge E. Hallyn, in his follow up to SELinux from Scratch goes into more detail on how best to utilize SELinux to its fullest potential. In this particular example, he uses the metaphor of writing a policy over a cash-register system... Very useful overview indeed.

The security policy implemented in Security-Enhanced Linux (SELinux) is type enforcement (TE) under a layer of role-based access control (RBAC). (SELinux also orthogonally implements multi-level security (MLS), which is outside the scope of this article.) TE is the most visible, and therefore the most well known, server because it enforces fine-grained permissions: when something breaks because of unexpected access denials, TE is most likely responsible. In TE, a process's security domain (its domain of influence over the system) is determined by the task's history and the currently executing program.

Read this full article at IBM Developer Works

Comments

business

Written by Dulee2005mm on 2008-04-04 22:43:32

TE is most likely responsible

-------------------------------
Dulee

A team of successful entrepreneurs credited for www.SelectWealthSystem.com
A new home-based-business marketing system that provides the strategic high ground for internet marketing.
Pro Team Marketing uses an automated marketing system that is currently promoting a cutting-edge young company, entering the early growth stage, that targets the largest consumer base in the United States with their financial educational products.
http://www.SelectWealthSystem.com

Only registered users can write comments.
Please login or register.