2.3 Transient and Persistent Objects


Two kinds of objects exist within a Linux system: transient objects and persistent objects. A transient object has a limited lifetime, usually no longer than that of the kernel data structure that represents it. A process is the most common kind of transient object. Because a transient object never outlives the running kernel, SELinux can associate an SID with it directly, keeping a memory-resident table that maps transient object identities to SIDs and thence to security contexts.

In contrast, a persistent object has an indefinite lifetime. The most common persistent objects are files and directories. Because a persistent object exists from the time it is created until it is explicitly destroyed, it may survive many system shutdowns and restarts. A memory-resident table therefore can't be used to associate persistent objects with their SIDs, because its contents are lost whenever the system shuts down or restarts. Associating a persistent object with its security context is consequently somewhat more complicated.

In general, persistent objects reside in Linux filesystems, which can be used to store their security contexts alongside the objects themselves. Several Linux filesystem types, including the standard ext2 and ext3 types, provide an extended attribute feature that must be enabled when the Linux kernel is compiled. SELinux uses an extended attribute to store a persistent security identifier (PSID) on each labeled file, and memory-resident tables map PSIDs to SIDs and thence to security contexts. (The PSID indirection belongs to the early, patch-based SELinux releases; the implementation merged into Linux 2.6 stores the security context string itself in each file's security.selinux extended attribute and maps it to an SID when the inode is first used. On such a system, ls -Z or getfattr -n security.selinux shows the stored label.) Filesystems that lack extended attribute support, including pseudo-filesystems such as /proc, cannot carry stored labels, so the policy assigns contexts to their objects by rule instead.

An important operation performed when SELinux is first installed is creating the PSIDs for existing persistent objects, a process known as file labeling, or simply labeling. A utility named setfiles performs the labeling, guided by a database called the file context (usually installed as file_contexts). Each entry in the file context pairs a regular expression over pathnames, optionally restricted to one file type, with the security context that matching files should initially receive; a catch-all entry supplies the default context for files the more specific entries don't cover. Once the initial labeling is complete, the file context is needed again only when files must be relabeled: after a policy change, to repair filesystem damage, or to correct mislabeled files (restorecon consults the same database for this). Ordinary operation doesn't use it, because the kernel labels newly created files itself, from the creating process's context and the label of the parent directory.
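As an added example (not code from the book), the following Python script shows the two mechanisms described above at a practical level: reading the label a 2.6-style kernel keeps in a file's security.selinux extended attribute, and matching pathnames against a file_contexts database the way setfiles does. The sample file_contexts text, the rule set it contains, and the names read_selinux_label, FileContexts, kind_from_mode and plan_labels are constructed for this example; the matching rule implemented is the classic one documented for setfiles (every pattern anchored to the whole pathname, last matching specification wins), which simplifies the specificity ordering current libselinux applies.

```python
"""Added example (not the book's code): SELinux persistence at filesystem level.

  * read_selinux_label()  - read the label stored on an inode in the
    `security.selinux` extended attribute (Linux 2.6+ kernels store the
    context string there).
  * FileContexts          - a small matcher for the file_contexts format that
    setfiles follows: one "regex [-type] context" specification per line,
    patterns anchored to the whole path, last matching specification wins.
"""
import os
import re
import stat
from typing import Dict, Iterable, List, Optional, Tuple

SELINUX_XATTR = "security.selinux"

# Type qualifiers allowed in the optional middle field of a specification.
_KINDS = {"--": stat.S_IFREG, "-d": stat.S_IFDIR, "-c": stat.S_IFCHR,
          "-b": stat.S_IFBLK, "-s": stat.S_IFSOCK, "-l": stat.S_IFLNK,
          "-p": stat.S_IFIFO}

# Constructed sample in file_contexts format: the type names are typical,
# but this rule set is made up for the demonstration.
SAMPLE_FILE_CONTEXTS = """\
# catch-all default for anything not matched more specifically below
/.*                        system_u:object_r:default_t
/etc(/.*)?                 system_u:object_r:etc_t
/etc/shadow            --  system_u:object_r:shadow_t
/var/www(/.*)?             system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?     system_u:object_r:httpd_sys_script_exec_t
/proc(/.*)?                <<none>>
"""


def read_selinux_label(path: str) -> Optional[str]:
    """Return the persistent label stored on `path`, or None when there is
    none (non-SELinux host, filesystem without xattr support, no label).
    Symlinks are not followed: the link is a labeled object of its own."""
    getxattr = getattr(os, "getxattr", None)   # Linux-only API
    if getxattr is None:
        return None
    try:
        raw = getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError:        # ENODATA (unlabeled) or ENOTSUP (no xattr support)
        return None
    return raw.rstrip(b"\x00").decode("utf-8", "replace")


def kind_from_mode(mode: int) -> str:
    """Map an st_mode value to the qualifier used in file_contexts."""
    fmt = stat.S_IFMT(mode)
    for kind, flag in _KINDS.items():
        if flag == fmt:
            return kind
    raise ValueError("unknown file type in mode %o" % mode)


class FileContexts:
    """Parsed file_contexts database (the 'file context' the text refers to)."""

    def __init__(self, text: str) -> None:
        self.specs: List[Tuple[re.Pattern, Optional[str], str]] = []
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            fields = line.split()
            if len(fields) == 2:
                regex, kind, context = fields[0], None, fields[1]
            elif len(fields) == 3 and fields[1] in _KINDS:
                regex, kind, context = fields
            else:
                raise ValueError(f"line {lineno}: expected 'regex [-type] context'")
            # The pattern must match the whole pathname, not a substring.
            self.specs.append((re.compile(f"^(?:{regex})$"), kind, context))

    def lookup(self, path: str, kind: str = "--") -> Optional[str]:
        """Context for `path` of type `kind` ("--" file, "-d" directory, ...).
        None means no specification applies, or the winner is <<none>>
        (leave the existing label alone)."""
        chosen = None
        for pattern, spec_kind, context in self.specs:
            if spec_kind is not None and spec_kind != kind:
                continue
            if pattern.match(path):
                chosen = context          # last matching specification wins
        return None if chosen in (None, "<<none>>") else chosen


def plan_labels(fc: FileContexts, entries: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Dry run of what setfiles would apply: {path: context} for each entry
    that receives a label; <<none>> and unmatched paths are left out."""
    plan: Dict[str, str] = {}
    for path, kind in entries:
        ctx = fc.lookup(path, kind)
        if ctx is not None:
            plan[path] = ctx
    return plan


if __name__ == "__main__":
    fc = FileContexts(SAMPLE_FILE_CONTEXTS)
    for path, kind in [("/etc/shadow", "--"), ("/etc/shadow", "-d"),
                       ("/var/www/cgi-bin/a.cgi", "--"), ("/proc/1/status", "--"),
                       ("/home/alice", "-d")]:
        print(f"{path:26} {kind}  ->  {fc.lookup(path, kind)}")
    # On a live SELinux host this prints the stored label; elsewhere None.
    print("label of /etc/passwd:", read_selinux_label("/etc/passwd"))
```

Note how the `--` qualifier on the /etc/shadow entry makes the type part of the match: a directory at that path falls back to the /etc rule, and anything under /proc resolves to <<none>> so a relabel leaves it untouched, which is what you want for a pseudo-filesystem whose labels come from policy rather than from stored attributes.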

SELinux: NSA's Open Source Security Enhanced Linux
ISBN: 0596007167
Year: 2003
Pages: 100
Authors: Bill McCarty
