book

SELinux by Example: Using Security Enhanced Linux

by Frank Mayer, Karl MacMillan, David Caplan

July 2006

Intermediate to advanced

456 pages

9h 45m

English

Read now

Unlock full access

Contents

Chapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 7Chapter 8Chapter 11

Content preview from SELinux by Example: Using Security Enhanced Linux

Chapter 7. Constraints

In this chapter

• 7.1 Closer Look at the Access Decision Algorithm

• 7.2 Constrain Statement

• 7.3 Label Transition Constraints

• 7.4 Summary

SELinux provides a constraint mechanism to further restrict the access allowed by the policy regardless of the policy allow rules. In this chapter, we explore the constraint feature in SELinux.

7.1 A Closer Look at the Access Decision Algorithm

To understand the purpose of constraints, let’s revisit the SELinux Linux Security Module (LSM). Recall the SELinux kernel architecture discussed in Chapter 3, “Architecture,” the salient portion of which is depicted again in Figure 7-1.

Figure 7-1. Review of the SELinux LSM module

We want to take a closer look at how the access ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

You might also like

Android Security Internals

Android Security Internals

Nikolay Elenkov

SELinux Cookbook

SELinux Cookbook

Sven Vermeulen

CentOS Quick Start Guide

CentOS Quick Start Guide

Shiwang Kalkhanda

Security Superstream: Ransomware

Security Superstream: Ransomware

Chloé Messdaghi, Alissa Knight, Cynthia Brumfield, Edna Conway, Kellyn Wagner Ramsdell, Laurie Iacono

Publisher Resources

ISBN: 0131963694Purchase book