SELinux by Example: Using Security Enhanced Linux

Chapter 7. Constraints

In this chapter

• 7.1 Closer Look at the Access Decision Algorithm

SELinux provides a constraint mechanism to further restrict the access allowed by the policy regardless of the policy allow rules. In this chapter, we explore the constraint feature in SELinux.

7.1 A Closer Look at the Access Decision Algorithm

To understand the purpose of constraints, let’s revisit the SELinux Linux Security Module (LSM). Recall the SELinux kernel architecture discussed in Chapter 3, “Architecture,” the salient portion of which is depicted again in Figure 7-1.

Figure 7-1. Review of the SELinux LSM module

We want to take a closer look at how the access ...

Get SELinux by Example: Using Security Enhanced Linux now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux by Example: Using Security Enhanced Linux by Frank Mayer, Karl MacMillan, David Caplan

Chapter 7. Constraints

7.1 A Closer Look at the Access Decision Algorithm

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly