IBM developerWorks is carrying an article by security hacker Serge Hallyn
on how to set up role-based access control using SELinux. "Different users using the same /bin/register program are able to read and write different files that they cannot access without the program. This is one of the core concepts of type enforcement: both the authorized context of the user and the code being executed should together determine the resulting process's 'domain of influence' over the system (or TE domain).
to post comments)