Assessments

Chapter 1

  1. The most important difference is that, with a DAC system, the user has full control over who gets which kind of access to the user's data. It is left to the discretion of the user, hence the name. With MAC systems, the system administrator (or security administrator) defines how accesses are handled and enforced. Access is mandated by a policy, and users cannot work around this if the administrator does not allow it.
  2. Linux has introduced hooks inside its kernel code, which developers can subscribe to with their own code. These hooks are part of the Linux Security Module (LSM) framework, an extensible framework that is natively part of the Linux kernel.

    SELinux is one of the MAC technologies that use this LSM framework (and ...

Get SELinux System Administration - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial