Exercises

Previous page
Table of content
Next page

1.

What is a "domain" and how is it related to or different from a type?

2.

What are the access control attributes used by SELinux type enforcement security to control access? What portion of the attribute is used by type enforcement for access control?

3.

Let's assume that we have a file named datafile with the following security attributes:

-r-xr-xr-x root root system_u:object_r:data_t datafile


Let's also assume that your shell process type is user_t and that type has all access permissions for file objects of type data_t. Can you read and/or write this file? Why or why not?

4.

For SELinux to allow a domain transition, a number of access permissions must be allowed among three types. What are the access permissions required and between what types? What do the types represent?

5.

In answering Question 4, was a type_transition rule required? Why or why not?

6.

In SELinux, a role is not used as a basis for access control, but it can prevent a domain transition from succeeding. How and why?

Extra credit: Examine the SELinux configuration file /etc/selinux/config. What are the possible states in which SELinux can run and what do each mean? How do the settings in this file differ from using the setenforce command?



Previous page
Table of content
Next page
SELinux by Example(c) Using Security Enhanced Linux
SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
Year: 2007
Pages: 154
Authors: Frank Mayer, Karl MacMillan, David Caplan
BUY ON AMAZON
The CISSP and CAP Prep Guide: Platinum Edition
WebLogic: The Definitive Guide
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
Cisco CallManager Fundamentals (2nd Edition)
802.11 Wireless Networks: The Definitive Guide, Second Edition
Cultural Imperative: Global Trends in the 21st Century
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy