Linux security non-modules and AppArmor
Posted Jun 28, 2007 18:53 UTC (Thu) by jamesm (guest, #2273)
In reply to: Linux security non-modules and AppArmor by akumria
Parent article: Linux security non-modules and AppArmor
Traditional DAC is based on an extremely simple binary notion, where euid==0 represents full privilege. The semantics of this are clear, and indeed, this policy may be hard-coded into the kernel.
Beyond DAC (which is definitely inadequate for today's computing environment), the models and their semantics become more complicated. With this complexity, it's important to maintain a separation of mechanism and policy (as a general principle, too), so that different sets of requirements can be met. The policy-flexible design in SELinux arose directly from unsatisfactory experiences with earlier MAC security schemes where policy was hard-coded into the mechanism. In particular, it's been extremely rare to see "trusted" Unix systems in anything other than very specialized situations such as handling classified information.
Policy-flexibility is one of the characteristics of SELinux which makes it suitable not only for these situations, but also for general purpose computing such as a web server or cell phone. This is with no code changes, just different policies loaded.
I'd suggest reading some SELinux docs for more detailed background on the design and its rationale.
e.g. http://www.nsa.gov/selinux/papers/ottawa01/index.html (the introduction is very useful).