Chapter 7. Type Enforcement

The preceding chapter explained role-based access control in SELinux. Role-based access control is a secondary access control model that supplements the primary SELinux access control model, type enforcement. This chapter explains the syntax and meaning of SELinux policy declarations related to type enforcement. The chapter concludes with an analysis of a small but typical domain policy: the Fedora Core 2 policy for the ping domain, which resides in the file ping.te.

The SELinux Type-Enforcement Model

As explained in Chapter 2, the SELinux type-enforcement model associates each process with a domain and each nonprocess object with a type.[7] Permissions define the operations that can be performed upon objects. Thus, you can think of a domain as a set of related processes that share the same permissions. For instance, the Apache web server process runs within the httpd_t domain and therefore possesses the permissions associated with that domain. The SELinux policy grants permissions to domains and specifies rules for transitioning between domains.

Permissions are encoded as access vectors, which specify the operations that a domain is authorized to perform on objects of a given type, such as files. Thus, you can think of an object’s type as implicitly referring to the set of rules—that is, the access vector—that specify the permissible operations on the object. For instance, access vector rules enable processes within the httpd_t domain to write to the web ...
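To make the relationship between domains, types, access vectors and domain transitions concrete, here is an added example (not code from the book, and not Fedora's real ping.te). It embeds a small, constructed policy fragment written in the type-enforcement syntax this chapter goes on to describe (type declarations, allow rules, and a type_transition rule), parses it, and answers the two questions the text raises: which operations a domain may perform on a given type, and which domain a process lands in when it executes a file. The type names (httpd_t, httpd_sys_content_t, ping_t, ping_exec_t, sysadm_t, httpd_log_t) are used for illustration; the parser handles only the three statement kinds shown and is not a full policy compiler.

```python
"""Tiny evaluator for SELinux type-enforcement allow / type_transition rules.

Added example: the policy below is constructed for illustration and is a
simplified fragment in the style of the SELinux policy language, not the
Fedora Core 2 ping.te discussed in the chapter.
"""
import re
from collections import defaultdict

SAMPLE_POLICY = """
type httpd_t;
type httpd_sys_content_t;
type httpd_log_t;
type sysadm_t;
type ping_t;
type ping_exec_t;

# The web server domain may read web content but never write it,
# and may only append to its log files.
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append getattr open };

# Domain transition sysadm_t -> ping_t when a ping_exec_t file is executed.
# All three allow rules are required, the type_transition makes it the default.
allow sysadm_t ping_exec_t:file { execute read getattr };
allow ping_t ping_exec_t:file entrypoint;
allow sysadm_t ping_t:process transition;
type_transition sysadm_t ping_exec_t:process ping_t;
"""

TYPE_RE = re.compile(r"^type\s+(\S+)$")
ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(.+)$")
TRANS_RE = re.compile(r"^type_transition\s+(\S+)\s+(\S+):(\S+)\s+(\S+)$")


def _perm_set(text):
    """Turn '{ read getattr }' or a bare 'entrypoint' into a frozenset."""
    return frozenset(text.strip("{} \t").split())


class TEPolicy:
    def __init__(self, text):
        self.types = set()
        # (source domain, target type, object class) -> access vector
        self.av = defaultdict(frozenset)
        # (source domain, executed type, class) -> default new type
        self.transitions = {}
        self._parse(text)

    def _parse(self, text):
        body = re.sub(r"#.*", "", text)            # drop comments
        for stmt in body.split(";"):
            stmt = " ".join(stmt.split())          # collapse whitespace
            if not stmt:
                continue
            if m := TYPE_RE.match(stmt):
                self.types.add(m.group(1))
            elif m := ALLOW_RE.match(stmt):
                src, tgt, cls, perms = m.groups()
                key = (src, tgt, cls)
                self.av[key] = self.av[key] | _perm_set(perms)
            elif m := TRANS_RE.match(stmt):
                src, tgt, cls, new = m.groups()
                self.transitions[(src, tgt, cls)] = new
            else:
                raise ValueError(f"unsupported statement: {stmt!r}")
        # Sanity check a policy author wants: every type used is declared.
        referenced = {t for key in list(self.av) + list(self.transitions) for t in key[:2]}
        referenced |= set(self.transitions.values())
        undeclared = referenced - self.types
        if undeclared:
            raise ValueError(f"undeclared types: {sorted(undeclared)}")

    def access_vector(self, src, tgt, cls):
        """The set of operations src may perform on objects of type tgt/cls."""
        return self.av.get((src, tgt, cls), frozenset())

    def allowed(self, src, tgt, cls, perm):
        return perm in self.access_vector(src, tgt, cls)

    def permissions_of(self, domain):
        """Everything a domain is granted: {(target type, class): perms}."""
        return {(t, c): p for (s, t, c), p in self.av.items() if s == domain}

    def transition(self, src, exec_type):
        """Domain a process in src runs in after executing a file of exec_type.

        Returns src when no type_transition applies. Raises PermissionError
        if execution is denied, or if a transition is declared by default but
        one of the three allow rules that make it legal is missing.
        """
        if not self.allowed(src, exec_type, "file", "execute"):
            raise PermissionError(f"{src} may not execute {exec_type}")
        new = self.transitions.get((src, exec_type, "process"))
        if new is None:
            return src
        missing = []
        if not self.allowed(src, new, "process", "transition"):
            missing.append(f"allow {src} {new}:process transition")
        if not self.allowed(new, exec_type, "file", "entrypoint"):
            missing.append(f"allow {new} {exec_type}:file entrypoint")
        if missing:
            raise PermissionError("transition declared but denied; need: " + "; ".join(missing))
        return new


if __name__ == "__main__":
    policy = TEPolicy(SAMPLE_POLICY)
    for (tgt, cls), perms in sorted(policy.permissions_of("httpd_t").items()):
        print(f"httpd_t -> {tgt}:{cls} {sorted(perms)}")
    print("sysadm_t executes ping_exec_t ->", policy.transition("sysadm_t", "ping_exec_t"))
```

Removing any one of the three allow rules in the ping section makes transition() raise instead of returning ping_t, which mirrors how a real policy denies a domain transition that is only half-specified: the type_transition rule chooses the default target domain, but it grants nothing by itself.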
