Section 5.6. Summary

  • Types are the primary basis for access control in SELinux. They serve as access control attributes for all objects (process, file, dir, socket, and so on). Types are declared using the type statement.

  • Attributes are groups of types. We can use them in place of types in most policy statements. We must declare attributes before using them. We can add types to attributes as part of a type declaration or using the typeattribute statement.

  • Aliases are alternate names for types, most often used to provide backward compatibility when renaming types. We declare aliases as part of a type declaration or using the typealias statement.

  • There are four AV rules that share common syntax: allow, neverallow, auditallow, and dontaudit.

  • We use an allow rule to specify what access a domain type may have to an object type. We specify access in terms of object classes and permissions.

  • Audit messages are, by default, not generated when access is allowed, but are generated when access is denied. We use dontaudit rules to specify denied accesses that should not generate an audit message. We use auditallow rules to specify allowed accesses that should generate an audit message.

  • AV rules (for example, allow) are cumulative, and the access that will be allowed or audited at runtime for a given source type, target type, and object class key is the union of all the rules that refer to that key.

  • We use neverallow rules to state invariant properties about access that should never be allowed by an allow rule. If an allow rule violates an invariant, the checkpolicy compiler will generate a compile error.

  • Two type rules share a common syntax: type_transition and type_change. Type rules do not allow access; instead, they specify desired default labeling policy for object creation and relabel events.

  • We use type_transition rules to label new objects upon creation (object transition) or to change process types on execution of new applications (domain transition).

  • We use type_change rules to specify default types for relabeling objects. They are used by SELinux-aware software such as login or sshd.

  • The policy analysis tool apol is valuable for understanding and analyzing complex SELinux policies.
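As an added example (not code from the book or from the SELinux project), the following Python script models the statements listed above on a small, constructed policy fragment. It declares attributes and types (with an alias declared inside a type statement and membership added with typeattribute), accumulates AV rules per (source type, target type, object class) key as a union, applies dontaudit and auditallow when deciding what to log, flags allow rules that violate a neverallow invariant the way the checkpolicy compiler would, and resolves type_transition for file creation (falling back to the parent directory's type when no rule matches). The policy text, every type and attribute name in it (httpd_t, httpd_content_t, httpd_tmp_t and so on) and the parser itself are constructed for illustration; the parser accepts only the subset of the policy language shown in the fragment.

```python
import re
from collections import defaultdict

# Constructed policy fragment; the type and attribute names are made up for illustration.
POLICY = """
attribute domain;
attribute file_type;
type user_t, domain;
type httpd_t;                    # joins the domain attribute below via typeattribute
typeattribute httpd_t domain;
type httpd_content_t alias httpd_sys_content_t, file_type;
type tmp_t, file_type;
type httpd_tmp_t, file_type;
allow httpd_t httpd_content_t : file { read getattr };
allow httpd_t httpd_sys_content_t : file open;   # same key through the alias: perms accumulate
allow user_t httpd_content_t : file { read write };
dontaudit domain file_type : dir search;
auditallow httpd_t tmp_t : dir write;
neverallow domain httpd_content_t : file write;  # invariant: no domain may write web content
type_transition httpd_t tmp_t : file httpd_tmp_t;
"""

AV_KINDS = ("allow", "neverallow", "auditallow", "dontaudit")
AV_RE = re.compile(r"^(allow|neverallow|auditallow|dontaudit)\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)$")
TT_RE = re.compile(r"^type_transition\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\w+)$")


class Policy:
    def __init__(self):
        self.types, self.attrs, self.aliases = set(), {}, {}   # attrs: name -> member types; aliases: alias -> type
        self.av = {k: defaultdict(set) for k in AV_KINDS}     # kind -> (src, tgt, class) -> permissions
        self.transitions = {}                                  # (src, tgt, class) -> type of the new object

    def canonical(self, name):
        return self.aliases.get(name, name)

    def expand(self, name):
        """An attribute stands for all its member types; an alias for its type."""
        if name in self.attrs:
            return set(self.attrs[name])
        t = self.canonical(name)
        if t not in self.types:
            raise ValueError(f"undeclared type or attribute: {name}")
        return {t}

    def add_to_attr(self, type_name, attr):
        if attr not in self.attrs:
            raise ValueError(f"attribute {attr} used before its declaration")
        self.attrs[attr].add(type_name)

    def key(self, src, tgt, cls):
        return (self.canonical(src), self.canonical(tgt), cls)

    def add_av(self, kind, src, tgt, cls, perms):
        for s in self.expand(src):
            for t in self.expand(tgt):
                self.av[kind][(s, t, cls)] |= perms   # AV rules are cumulative: union per key

    def allowed(self, src, tgt, cls):
        return frozenset(self.av["allow"].get(self.key(src, tgt, cls), ()))

    def audit_on_deny(self, src, tgt, cls, perm):
        return perm not in self.av["dontaudit"].get(self.key(src, tgt, cls), ())

    def audit_on_allow(self, src, tgt, cls, perm):
        return perm in self.av["auditallow"].get(self.key(src, tgt, cls), ())

    def neverallow_violations(self):
        """Keys where some allow rule grants a permission a neverallow forbids (checkpolicy would reject)."""
        out = []
        for k, forbidden in self.av["neverallow"].items():
            clash = forbidden & self.av["allow"].get(k, set())
            if clash:
                out.append((k, frozenset(clash)))
        return sorted(out)

    def new_object_type(self, src, parent, cls):
        k = self.key(src, parent, cls)
        return self.transitions.get(k, k[1])   # no rule: a new file inherits its parent directory's type


def parse_policy(text):
    p = Policy()
    stmts = [s.split("#", 1)[0].strip().rstrip(";").strip() for s in text.splitlines()]
    stmts = [s for s in stmts if s]
    for s in stmts:                            # pass 1: declarations
        w = s.split()
        if w[0] == "attribute":
            p.attrs.setdefault(w[1], set())
        elif w[0] == "type":                   # type NAME [alias ALIAS][, attr, ...]
            name, *rest = [x.strip(",") for x in w[1:]]
            p.types.add(name)
            if rest and rest[0] == "alias":
                p.aliases[rest[1]] = name
                rest = rest[2:]
            for a in rest:
                p.add_to_attr(name, a)
        elif w[0] == "typeattribute":          # typeattribute T a1, a2
            for a in [x.strip(",") for x in w[2:]]:
                p.add_to_attr(w[1], a)
    for s in stmts:                            # pass 2: rules, once every name is declared
        if m := AV_RE.match(s):
            kind, src, tgt, cls, perms = m.groups()
            p.add_av(kind, src, tgt, cls, set(perms.strip("{}").split()))
        elif m := TT_RE.match(s):
            src, tgt, cls, new = m.groups()
            p.transitions[p.key(src, tgt, cls)] = new
    return p
```

Running `parse_policy(POLICY).neverallow_violations()` reports the one key where the fragment breaks its own invariant, `user_t` writing `httpd_content_t`, while `httpd_t` is clean because its three allow rules (two of them reaching the same key through the alias) only ever accumulate read, getattr and open. Rules are resolved in a second pass so that a type added to an attribute after a rule that names the attribute is still covered, which is also why the attribute must be declared before anything refers to it.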

SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
Year: 2007