SELinux Context Definition:
Here we will discuss the basics of roles, types and domains in SELinux. It is important to have a clear understanding of the three key pieces of information that make up the security context tuple.
Security Context or Tuple:
A security context, or tuple, consists of two or more related fields in a given row.
e.g. user_u:system_r:unconfined_t
In simple words, it can be read as "id:first_name:last_name".
Field/Degree 1: USER LABEL
e.g. user_u, root_u, etc.
In general, the first value is the user value. Usually a non-privileged user is described as "user_u", whereas the root user is treated as "root_u". The targeted policy in RHEL does not concentrate much on the first and second fields.
Field/Degree 2: Role (Role Based Access Control [RBAC])
SELinux supports users being members of a role (similar to a typical DAC system where a user belongs to a group). For example, in the tuples user_u:system_r:unconfined_t and root_u:system_r:unconfined_t, the non-privileged and the privileged user share a common role, "system_r".
Field/Degree 3: Type/Domain
It makes a difference whether the third field is applied to a subject or to an object: a Type is applied to objects such as files, and a Domain is applied to subjects (programs or users).
e.g.
Privileged as well as non-privileged users are grouped into the unconfined "Type" by default.
For processes such as httpd, each process has a domain named after the process with a suffix of "_t", e.g. httpd_t, dhcpd_t.
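To make the tuple layout concrete, here is an added example (not from the original post) that splits a context string into its user, role and type fields and reports the third field as a domain or a type depending on whether it belongs to a subject or an object. The sample process lines are constructed to look like "ps -eZ" output; no SELinux system is needed to run it.

```shell
#!/bin/sh
# Split a SELinux security context "user:role:type[:level]" into fields.
# Constructed example for illustration; the fourth (MLS level) field,
# when present, is simply ignored.

# Print the N-th colon-separated field of a context.
ctx_field() {
    # $1 = context string, $2 = field number (1 = user, 2 = role, 3 = type)
    printf '%s\n' "$1" | cut -d: -f"$2"
}

ctx_user() { ctx_field "$1" 1; }
ctx_role() { ctx_field "$1" 2; }
ctx_type() { ctx_field "$1" 3; }

# Succeed only if all three mandatory fields are present and non-empty.
ctx_valid() {
    n=$(printf '%s\n' "$1" | awk -F: '{ print NF }')
    if [ "$n" -ge 3 ] && [ -n "$(ctx_user "$1")" ] \
        && [ -n "$(ctx_role "$1")" ] && [ -n "$(ctx_type "$1")" ]; then
        return 0
    fi
    return 1
}

# The third field is a "domain" on a subject (process) and a "type" on an
# object (file); the caller decides which, the string alone does not.
ctx_describe() {
    # $1 = "subject" or "object", $2 = context
    case "$1" in
        subject) printf 'domain=%s\n' "$(ctx_type "$2")" ;;
        object)  printf 'type=%s\n' "$(ctx_type "$2")" ;;
        *)       return 1 ;;
    esac
}

# Constructed sample shaped like "ps -eZ" output (not captured from a real
# host): the first column is the process context.
SAMPLE='system_u:system_r:httpd_t 1234 ? 00:00:01 httpd
user_u:system_r:unconfined_t 5678 pts/0 00:00:00 bash'

# Count sample processes running in the given domain (e.g. httpd_t).
count_domain() {
    printf '%s\n' "$SAMPLE" | awk -v want="$1" \
        '{ split($1, f, ":"); if (f[3] == want) n++ } END { print n + 0 }'
}
```

Run with `sh script.sh` after adding calls such as `count_domain httpd_t` at the bottom.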