Home > Others

The role of Roles

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

SELinux also provides a role-based access control (rbac,role-based access controls). The features of SELinux Rbac are built on TE Foundation. Access control in SELinux is essentially te, the type enforcement access policy. A role can restrict a process-converted type that is converted based on a role identifier in the context of a process security. In this way, a policy definition is able to create a role that is allowed to be converted into a series of domain types (assuming the TE rules allow such conversions), thus defining the constraints of the role. Again, use our example of the cipher program in Figure 2-5. Although the password program is allowed to convert from a user_t domain type to a new passwd_t domain based on the type Enforcement access policy rule, Joe's role must also be allowed to occur for that conversion. To be able to articulate, we have extended the example of the cryptography program.

We have added a role section (USER_R) that describes the security context of the process. We have also added a new rule, role statement:

type passwd_t

The role statement declares the character identifier and links the declared role and type. The previous description declares the role User_r (if it has not been declared in the policy) and links the identifier passwd_t and the role User_r. This linkage means that the passwd_t type is allowed to coexist with the role user_r in the security context. Without this role declaration, the new context joe:user_r:user_t will not be created, and the EXECVE () system call will fail even if the TE policy allows all necessary access to Joe's type (user_t).

A policy definition can define a constrained role and associate these roles with a specific user. For example, imagine that, in our strategy, we also created a role called Retricted_user_r, which is the same in all respects as user_r, except that he is not associated with the passwd_t type. Therefore, if Joe's role is restricted_user_r instead of User_r,joe, the password program will not run
Even if the TE rule allows access to the domain identity.

In the sixth chapter, "Roles and Users" discusses in detail the meaning of roles in selinux, especially how roles are created and how they are associated with users.

The role of Roles

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
role of dom role of parser role of garbage collector role of web browser roles and responsibilities of software developer roles and responsibilities of ui designer explain role of parser with example
Related Article
Methods for generating various waveform files Vcd,vpd,shm,fsdb

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More