How Security-enhanced Linux (SELinux) works

Security-enhanced Linux (SELinux) has hooks at strategic points within the core kernel code where a security decision is required (example: when a file is about to be read by a user). These hooks allow SELinux to request extended access control decisions. Access control decisions are usually made between a process (example: cat) and an object (example: a file, /etc/shadow) for a specific permission (read).

When a process (here the cat command, which is the subject) needs to access a file (here /etc/shadow, which is the object), the policy enforcement server in the Linux kernel checks the Access Vector Cache (AVC), where subject and object permissions are cached. If there is not enough data in the AVC, the request continues to the security server, which looks up the security context of the process and the file in a matrix. Permission is then granted or denied; if it is denied, an "avc: denied" message with the details is written to "/var/log/messages".

In Linux, DAC checks occur first, and the MAC-based SELinux checks occur after the DAC check.

There are three possible statuses for Security-enhanced Linux (SELinux): "enforcing", "permissive", and "disabled". As the names suggest, "disabled" mode disables SELinux and "enforcing" mode enables SELinux. "Permissive" mode means that any SELinux rules that are violated are logged; however, permissive SELinux doesn't stop anything.
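
The "avc: denied" messages described above name the subject, the object and the requested permission, and on current kernels a permissive= flag shows whether the access was actually stopped. The following is an added example, not part of the original page, that parses such messages from log text. The sample log lines are constructed, and the assumed layout is the kernel's usual key=value AVC record; older kernels omit permissive=.

```python
import re

# Constructed sample lines in the kernel's AVC message layout (not from a real host).
SAMPLE_LOG = '''\
Mar 12 10:01:02 host1 kernel: type=1400 audit(1710237662.101:41): avc:  denied  { read } for  pid=2211 comm="cat" name="shadow" dev="dm-0" ino=9133 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
Mar 12 10:01:05 host1 sshd[901]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Mar 12 10:02:17 host1 kernel: type=1400 audit(1710237737.554:42): avc:  denied  { read open } for  pid=2302 comm="httpd" path="/srv/app/config.yml" dev="dm-0" ino=5521 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc_denials(text):
    """Return one dict per 'avc: denied' line: subject, object, class, permissions, outcome."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
        # permissive=1: the violation was logged but the access went ahead.
        # Older kernels omit the field; treat that as unknown (None).
        flag = fields.get('permissive')
        blocked = None if flag is None else flag == '0'
        denials.append({
            'process': fields.get('comm'),
            'subject_type': _type_of(fields.get('scontext')),
            'object_type': _type_of(fields.get('tcontext')),
            'object': fields.get('path') or fields.get('name'),
            'tclass': fields.get('tclass'),
            'perms': m.group('perms').split(),
            'blocked': blocked,
        })
    return denials

def _type_of(context):
    """Third field of user:role:type[:level] is the type the policy decides on."""
    parts = (context or '').split(':')
    return parts[2] if len(parts) >= 3 else None

if __name__ == '__main__':
    for d in parse_avc_denials(SAMPLE_LOG):
        state = {True: 'BLOCKED', False: 'logged only (permissive)', None: 'unknown'}[d['blocked']]
        print(f"{d['process']} ({d['subject_type']}) -> {d['object']} ({d['object_type']}) "
              f"{d['tclass']} {{{' '.join(d['perms'])}}}: {state}")
```
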

              Jajish Thomason Google+