Home arrow BrainDump arrow Demystifying SELinux on Kernel 2.6

Demystifying SELinux on Kernel 2.6

If you're looking for a way to control or restrict access to your Linux-based applications, you might want to look at SELinux. This extension has been around since Linux kernel 2.6 and can help you with your access issues.

TABLE OF CONTENTS:
  1. Demystifying SELinux on Kernel 2.6
  2. Basics of SELinux
  3. More About SELinux
  4. Final Thoughts
By: Barzan "Tony" Antal
Rating: starstarstarstarstar / 2
October 29, 2009

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Before we begin, first we need to understand what kind of access control we're talking about, and then we can easily comprehend how "mandatory access control" (MAC) tries to accomplish our aims. The operating system has the ability to examine the course of an action that an "initiator" wants to perform on a so-called "target." In its simplest form, imagine a process wanting to do something (i.e.; open, write, modify) with a file.

In the case above, the initiator is the process, while the target or the object is the file. The mechanism needs to be globalized and extended to directories, memory segments, and even TCP/UDP ports, not to mention lots of other objects. The same is true of the initiators; they can be not just processes but also threads and so forth. Let's keep things simple.

The operating system is responsible for maintaining the overall security of the system from the software level. It's like a Big Brother, watching everything from the "top" with a global understanding of virtually anything that happens. Each operation ought to be examined and matched with a set of rules and authorizations. These policies in our case can be MAC or DAC-mandatory or discretionary access control.

Please note that in this article, the presence of the MAC abbreviation stands for Mandatory Access Control and has nothing to do with the unique identifier that is given to network devices, commonly known as the "MAC address," which is short for media access control address. This can create confusion, but this is a software article focusing on the access controls of the Linux operating system.

All right now, we're slowly escalating and getting to the point of things. There's still much to be demystified and explained before the big picture comes together. On the next page we will see how MAC approaches "access controls" in comparison with the old-fashioned DAC. Then we'll cover how MAC could be implemented in Linux. Turn the page!



 
 
>>> More BrainDump Articles          >>> More By Barzan "Tony" Antal
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

BRAINDUMP ARTICLES

- Apple Founder Steve Jobs Dies
- Steve Jobs` Era at Apple Ends
- Google's Chrome Developer Tool Updated
- Google's Chrome 6 Browser Brings Speed to th...
- New Open Source Update Fedora 13 is Released...
- Install Linux with Knoppix
- iPad Developers Flock To SDK 3.2
- Managing a Linux Wireless Access Point
- Maintaining a Linux Wireless Access Point
- Securing a Linux Wireless Access Point
- Configuring a Linux Wireless Access Point
- Building a Linux Wireless Access Point
- Migrating Oracle to PostgreSQL with Enterpri...
- Demystifying SELinux on Kernel 2.6
- Yahoo and Microsoft Create Ad Partnership

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: