Chapter 1. SELinux Architectural Overview
3
3. The policy server first checks the AVC, and returns a decision to the enforcement server.
If the AVC does not have a policy decision cached, it turns to the security server, which uses the
binary policy that is loaded into the kernel during initialization. The AVC caches the decision, and
returns the decision to the enforcement server, that is, the kernel.
4. If the policy permits the subject to perform the desired operation on the object, the operation is
allowed to proceed.
5. If the policy does not permit the subject to perform the desired operation, the action is denied,
and one or more
avc: denied
messages are logged to
$AUDIT_LOG
, which is typically
/var/log/messages
in Red Hat Enterprise Linux.
With the security server handling the policy decision making, the enforcement server handles the rest
of the tasks. In this role, you can think of the enforcement code as being an object manager. Object
management includes labeling objects with a security context, managing object labels in memory, and
managing client and server labeling.
1.2. SELinux, an Implementation of Flask
SELinux has been through several iterations as part of the process of being incorporated into the Linux
kernel. During this time, the overall architecture has remained the same, but many of the programmatic
details have changed. Some of the reasons for change were: requirements for upstream acceptance;
changes in LSM as part of being accepted into the kernel; and the switch to using xattrs.
As one example of the changes between kernel versions, originally security context was maintained
through a mapping from context to SID, and managed by the security server. In the 2.6.x Linux
kernel, the security context for a file is stored in the xattrs, allowing it to carry around its own SELinux
context.
As an implementation of the Flask architecture, SELinux also served as a reference implementation
of LSM. Originally LSM and SELinux were patches to the 2.4. x
series of kernels; SELinux was
never able to work as a loadable security module. Therefore, a big part of gaining upstream acceptance
into the mainline Linux kernel required everything from fixing coding practices to changing how
SELinux interacted with the kernel.
Part of the SELinux development team was also instrumental in designing, building, and integrating
LSM into the kernel. SELinux integration into the kernel was the motivation to start the LSM project.
SELinux was an early proof of the ability of LSM to allow security enhancements to be connected
into, instead of strapped onto, the Linux kernel. Originally, SELinux was a loadable module, but it
became statically compiled into the 2.6.x kernel. It is still an LSM module, using the LSM hooks in
the kernel to control and label. Because of the abstraction layer provided by both the LSM and Flask
frameworks, SELinux is highly configurable and modifiable.
Flask is flexible enough to work in many different environments, and Linux is a natural fit for the
Flask model. Access to the kernel source and a willing, community driven development process allow
for the best modification to fully support Flask's objectives. The wide range of platforms Linux runs
on means SELinux is extensively tested. The consensus process of getting SELinux integrated into the
kernel has improved the code and practices. Now that it is integrated, it has a better chance of long 
term success than security enhancement models that are strapped on top of the operating system.
There are a few more differences in the specific way SELinux implements Flask in the Linux kernel,
compared to traditional Flask methodology and initial SELinux creation:
1. Under traditional TE, there is a distinction between types and domains. A type is the security
context for a file object, and a domain is the security context for a process. In the SELinux im 
plementation, there is no real distinction programmatically. In SELinux, domains are processes
that have the attribute
process
, so the term domain is used in the traditional way. Similarly,
the term type is mostly applied to object types, but it can mean both domains and types.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

adult web hosting

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved