Tuesday, 20 November 2007

MAC user vs. DAC user

In a previous article I mentioned that one shortcoming of traditional Linux security is that the kernel cannot distinguish between a subject that was started by the system and a process that was started by a user. I also mentioned that the Discretionary Access Control model only knows two users: root and user.

The Mandatory Access Control model tackles these issues with the user field in the security context tuple. We can now create as many SELinux user groups as we like, and the kernel can now know who or what started a process, be it a subject initialized by any kind of user or a system daemon. The security server uses this attribute to enforce administrator-defined policy that is based on who owns the subject or object.

On systems running the traditional targeted policy, system services are assigned to the system_u SELinux user group, and users are assigned to the user_u SELinux user group.

Policies that also make use of the second field (role) of the SELinux security context tuple, such as Strict, MLS or recent versions of the Targeted policy, use additional SELinux user groups to further group types of user domains, so that the administrator can apply policy that is targeted at the owner of a process.

The administrator can create additional SELinux user groups and assign roles and levels to them. Tailor-made policy for each user group can then be defined and enforced.

A process is often referred to as a subject, a (user or application) domain, or a source.
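To make the user field concrete, the following added example (not part of the original article) parses security contexts and groups processes by their SELinux user. The process listing is a constructed sample laid out like `ps -eZ` output, and the function names are hypothetical.

```python
from collections import defaultdict
from typing import NamedTuple, Optional


class Context(NamedTuple):
    user: str             # SELinux user, e.g. system_u or user_u
    role: str
    type: str             # the domain of a process
    level: Optional[str]  # absent when the policy carries no level field


def parse_context(label: str) -> Context:
    # A level such as s0-s0:c0.c1023 contains ':' itself, so split at most 3 times.
    parts = label.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not a security context: {label!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else None)


# Constructed sample (columns: LABEL PID TTY TIME CMD); not captured from a real host.
SAMPLE_PS = """\
LABEL                                    PID TTY      TIME     CMD
system_u:system_r:init_t:s0                1 ?        00:00:01 init
system_u:system_r:sshd_t:s0-s0:c0.c1023 2114 ?        00:00:00 sshd
user_u:system_r:unconfined_t:s0         3021 pts/0    00:00:00 bash
user_u:system_r:unconfined_t:s0         3188 pts/0    00:00:00 vim
"""


def group_by_selinux_user(ps_output: str) -> dict:
    """Map each SELinux user to the (pid, command, domain) of its processes."""
    groups = defaultdict(list)
    for line in ps_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        ctx = parse_context(fields[0])
        groups[ctx.user].append((int(fields[1]), fields[-1], ctx.type))
    return dict(groups)


if __name__ == "__main__":
    for user, procs in group_by_selinux_user(SAMPLE_PS).items():
        print(user, procs)
```
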
