Index
abstraction, reference policy modularity, accept permission, access apol (policy analysis tool) conditional policies object classes object labeling TE (type enforcement) user roles constraints elements of constrain statement LSM (Linux Security Module) MLS (multilevel security) validatetrans statement control [See TE (type enforcement), access control.] RBAC (role-based access control) basics object security contexts privilege management user identifiers declaring users mapping Linux users to SELinux users user roles role allow rule role declaration statement role dominance statement transition rules access control evolution in operating systems DAC mechanism weaknesses MAC origins reference monitor SELinux evolution TE (type enforcement) security context basics SELinux versus standard Linux TE (type enforcement) domain transitions password management program example standard Linux SetUID programs type transition rule access interfaces, reference policy modularity, access revocation, access vector (AV) rules, allow rules audit rules basic syntax 2nd attributes keys multiple types and attributes object classes and permissions self keyword special operators type negation neverallow rule access vector cache (AVC), 2nd access vector statements associating permissions with object class syntax aliases, TE (type enforcement), allow rules, 2nd 3rd 4th allow statement, conditional statement, analysis, policy modules, Anderson Report, APIs (application programming interfaces), apol (policy analysis tool), conditional policies object classes object labeling TE (type enforcement) append permission, 2nd application programming interfaces (APIs), architectures kernels Flask architecture LSM (Linux Security Module) userspace object managers policy languages checkpolicy program installing monolithic policies loadable modules monolithic policy associate permission, association 
object class, association permissions, attributes AC (access vector) syntax associating types AV (access vector) syntax processes statements TE (type enforcement) audit messages evaluating system administration AVC messages general messages seaudit tool audit rules, access vector rules, audit2allow tool, audit2why tool, auditallow rule, auditallow statement, conditional statement, auditdeny rule, ausearch tool, automatic relabeling, file-related object labeling, AV (access vector) rules, allow rules audit rules basic syntax 2nd attributes keys multiple types and attributes object classes and permissions self keyword special operators type negation neverallow rule AVC (access vector cache), 2nd AVC messages, 2nd avcstat tool,