Wednesday, May 12, 2010

SELinux RBAC

  • SELinux users can be associated with one or more SELinux roles:

    user system_u roles system_r;
    user root roles { user_r sysadm_r };

  • SELinux roles can be associated with one or more types:

    role system_r types { kernel_t initrc_t getty_t klogd_t };
    role sysadm_r types { sysadm_t run_init_t };

  • A role allow rule specifies the authorised transitions between roles, based on a pair of roles:

    allow system_r { user_r sysadm_r };
    allow user_r sysadm_r;
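
As an added example (not part of the original post or the slides it links to), the following Python code parses only the three statement forms listed above and answers two questions: is a `user:role:type` context permitted, and is a change from one role to another authorised? The function names are hypothetical, and real policy has further statement forms (including type-enforcement `allow` rules) that this does not handle.

```python
import re

# Policy statements copied from the list above.
POLICY = """
user system_u roles system_r;
user root roles { user_r sysadm_r };
role system_r types { kernel_t initrc_t getty_t klogd_t };
role sysadm_r types { sysadm_t run_init_t };
allow system_r { user_r sysadm_r };
allow user_r sysadm_r;
"""

def _set(text):
    """Turn 'a' or '{ a b }' into a set of identifiers."""
    return set(text.strip("{} \t\n").split())

def parse_policy(text):
    """Return (user -> roles, role -> types, role -> roles it may change to)."""
    user_roles, role_types, role_allow = {}, {}, {}
    for stmt in filter(None, (s.strip() for s in text.split(";"))):
        if m := re.fullmatch(r"user\s+(\S+)\s+roles\s+(.+)", stmt, re.S):
            user_roles.setdefault(m[1], set()).update(_set(m[2]))
        elif m := re.fullmatch(r"role\s+(\S+)\s+types\s+(.+)", stmt, re.S):
            role_types.setdefault(m[1], set()).update(_set(m[2]))
        elif m := re.fullmatch(r"allow\s+(\S+)\s+(.+)", stmt, re.S):
            # Assumption: every 'allow' in the input is a two-field role allow rule.
            role_allow.setdefault(m[1], set()).update(_set(m[2]))
        else:
            raise ValueError(f"unsupported statement: {stmt!r}")
    return user_roles, role_types, role_allow

def context_valid(policy, context):
    """user:role:type is valid only if the user may take the role
    and the role may be paired with the type (any MLS suffix is ignored)."""
    user_roles, role_types, _ = policy
    user, role, type_ = context.split(":")[:3]
    return role in user_roles.get(user, ()) and type_ in role_types.get(role, ())

def role_change_allowed(policy, old_role, new_role):
    """A role change needs a matching role allow rule; staying put does not."""
    return old_role == new_role or new_role in policy[2].get(old_role, ())
```

With this fragment, `root:sysadm_r:sysadm_t` is a valid context while `system_u:sysadm_r:sysadm_t` is not, because `system_u` is only authorised for `system_r`.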
Read more...
http://www.openweekend.cz/slides/ow_2004/html/SELinux-OW/foil14.html

Don