SELinux by Example: Using Security Enhanced Linux by David Caplan, Karl MacMillan, Frank Mayer

Chapter 7. Constraints

In this chapter

• 7.1 A Closer Look at the Access Decision Algorithm

• 7.2 Constrain Statement

• 7.3 Label Transition Constraints

• 7.4 Summary

• Exercises

SELinux provides a constraint mechanism to further restrict the access allowed by the policy regardless of the policy allow rules. In this chapter, we explore the constraint feature in SELinux.

7.1 A Closer Look at the Access Decision Algorithm

To understand the purpose of constraints, let’s revisit the SELinux Linux Security Module (LSM). Recall the SELinux kernel architecture discussed in Chapter 3, “Architecture,” the salient portion of which is depicted again in Figure 7-1.

Figure 7-1. Review of the SELinux LSM module

We want to take a closer look at how the access ...
