SELinux RBAC
-
SELinux users can be associated with one or more SELinux roles:
    user system_u roles system_r;
    user root roles { user_r sysadm_r };
-
SELinux roles can be associated with one or more types:
    role system_r types { kernel_t initrc_t getty_t klogd_t };
    role sysadm_r types { sysadm_t run_init_t };
-
A role allow rule specifies the authorised transitions between roles, based on a pair of roles:
    allow system_r { user_r sysadm_r };
    allow user_r sysadm_r;
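
The three statement kinds above can be combined into one check. The following is an added example, not part of the original slides or of any SELinux tool: a simplified model that parses only these three statements and answers whether a user:role:type context is consistent with them and whether a role change is authorised. The function names (parse, context_valid, role_change_allowed) are hypothetical.

```python
import re

# Policy statements copied from the text above.
POLICY = """
user system_u roles system_r;
user root roles { user_r sysadm_r };
role system_r types { kernel_t initrc_t getty_t klogd_t };
role sysadm_r types { sysadm_t run_init_t };
allow system_r { user_r sysadm_r };
allow user_r sysadm_r;
"""

ITEM = r"(\{[^}]*\}|\w+)"  # a single identifier or a { brace set }

def names(text):
    """Return the identifiers in 'a' or '{ a b c }' as a set."""
    return set(text.strip().strip("{}").split())

def parse(policy):
    """Build user->roles, role->types and role->permitted-new-roles maps."""
    user_roles, role_types, role_allow = {}, {}, {}
    for stmt in filter(None, (s.strip() for s in policy.split(";"))):
        if m := re.fullmatch(rf"user\s+(\w+)\s+roles\s+{ITEM}", stmt):
            user_roles.setdefault(m[1], set()).update(names(m[2]))
        elif m := re.fullmatch(rf"role\s+(\w+)\s+types\s+{ITEM}", stmt):
            role_types.setdefault(m[1], set()).update(names(m[2]))
        elif m := re.fullmatch(rf"allow\s+{ITEM}\s+{ITEM}", stmt):
            for src in names(m[1]):  # role allow: source role(s) -> new role(s)
                role_allow.setdefault(src, set()).update(names(m[2]))
        else:
            raise ValueError(f"unsupported statement: {stmt!r}")
    return user_roles, role_types, role_allow

def context_valid(rbac, user, role, type_):
    """True if the user is authorised for the role and the role for the type."""
    user_roles, role_types, _ = rbac
    return role in user_roles.get(user, ()) and type_ in role_types.get(role, ())

def role_change_allowed(rbac, old_role, new_role):
    """True if the role is unchanged or a role allow rule covers the pair."""
    return old_role == new_role or new_role in rbac[2].get(old_role, ())

RBAC = parse(POLICY)

if __name__ == "__main__":
    print("root:sysadm_r:sysadm_t", context_valid(RBAC, "root", "sysadm_r", "sysadm_t"))
    print("root:system_r:kernel_t", context_valid(RBAC, "root", "system_r", "kernel_t"))
    print("user_r -> sysadm_r", role_change_allowed(RBAC, "user_r", "sysadm_r"))
    print("sysadm_r -> user_r", role_change_allowed(RBAC, "sysadm_r", "user_r"))
```

With only the statements shown here, root:system_r:kernel_t is rejected because root is not associated with system_r, and sysadm_r to user_r is rejected because no role allow rule names that pair.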
http://www.openweekend.cz/slides/ow_2004/html/SELinux-OW/foil14.html
Don