Security Contexts

The discussion in the preceding section might lead you to believe that SELinux makes security decisions based on the identity of individual subjects and objects. In principle, such a system could be made to work. But the system would be unnecessarily unwieldy. Because processes related to a single program can generally be treated the same, it’s more convenient to make security decisions based on sets or classes of subjects and objects rather than on individual objects. For example, every instance of the SSH server should generally be given the same permissions, including read access to /etc/ssh/sshd_config. Similarly, all the files within a given directory often can be manipulated by the same subject. For example, the DHCP service should be permitted to manipulate any of the files in /var/state/dhcp. To simplify decision making, similar subjects can be grouped and similar objects can be grouped.

SELinux associates information called security attributes with subjects and objects and bases its security decisions on the values of these attributes. Three security attributes are used:

User identity

The user identity indicates the SELinux user account associated with a subject or object. In the case of a subject, the user identity gives the SELinux user account under which the process is running. In the case of an object, the user identity gives the user account that owns the object.

Tip

In tracking user identities, SELinux does not use the list of user accounts maintained ...
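To make the grouping idea above concrete, here is an added example (not code from the book) that parses the security context attached to each process and buckets processes by their type attribute, so that every sshd instance lands in one group regardless of PID. The `user:role:type[:level]` context format and the `ps -eZ` column layout are standard SELinux conventions; the process listing embedded below is constructed sample data.

```python
from collections import defaultdict
from typing import NamedTuple, Optional


class SecurityContext(NamedTuple):
    user: str              # SELinux user identity, e.g. system_u
    role: str              # role, e.g. system_r
    type: str              # type (the domain, for a process), e.g. sshd_t
    level: Optional[str]   # MLS/MCS range; absent on policies without it


def parse_context(ctx: str) -> SecurityContext:
    """Split 'user:role:type[:level]'. The level itself may contain
    colons (e.g. s0-s0:c0.c1023), so split at most three times."""
    parts = ctx.strip().split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"malformed security context: {ctx!r}")
    level = parts[3] if len(parts) == 4 else None
    return SecurityContext(parts[0], parts[1], parts[2], level)


# Constructed sample of `ps -eZ` output: LABEL PID TTY TIME CMD
SAMPLE_PS_EZ = """\
LABEL                               PID TTY      TIME CMD
system_u:system_r:init_t:s0           1 ?    00:00:02 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 812 ? 00:00:00 sshd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1450 ? 00:00:00 sshd
system_u:system_r:dhcpd_t:s0        903 ?    00:00:00 dhcpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2001 pts/0 00:00:00 bash
"""


def parse_ps_ez(output: str) -> list[tuple[SecurityContext, int, str]]:
    """Return (context, pid, command) per process line, skipping the header."""
    rows = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        rows.append((parse_context(fields[0]), int(fields[1]), fields[-1]))
    return rows


def group_by_type(rows) -> dict[str, list[int]]:
    """Bucket PIDs by type: the attribute policy rules key on, so all
    sshd processes share one set of permissions."""
    groups = defaultdict(list)
    for ctx, pid, _cmd in rows:
        groups[ctx.type].append(pid)
    return dict(groups)


if __name__ == "__main__":
    for domain, pids in group_by_type(parse_ps_ez(SAMPLE_PS_EZ)).items():
        print(f"{domain:<14} {pids}")
```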
