Section 7.4. Summary


7.4. Summary

  • Constraints provide global restrictions for certain permissions regardless of the allow rules contained in the policy.

  • The constrain statement enables us to restrict permissions granted based on relationships between source and target types, roles, and user identifiers.

  • The validatetrans statement enables us to restrict the ability to change object security contexts based on relationships between the old, new, and process type, role, and user identifiers. This statement is supported only for filesystem objects.




SELinux by Example(c) Using Security Enhanced Linux
SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
Year: 2007
Pages: 154

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net