An SELinux system is considerably more secure than an ordinary Linux system: by restricting users and processes to the minimum access rights they need, it keeps an attack from having a significant impact on the system as a whole.
Next, I'll introduce some features of SELinux.
Thorough control of access
Feature 1: MAC (mandatory access control)
Access to all resources, such as files, directories, and ports, is governed by policy settings that the administrator defines and that ordinary users cannot change.
Give the process only minimal permissions
Feature 2: TE (type enforcement), giving processes only minimal permissions
The TE concept is very important in SELinux. Every file is given a label called a type, and every process is given a label called a domain. The operations a domain may perform are determined by the access vector rules in the policy.
Take the familiar Apache server as an example. The httpd process can only run in the httpd_t domain, and the policy determines what httpd_t may do with each labeled object: web page content files are labeled httpd_sys_content_t, the password file is labeled shadow_t, TCP port 80 is labeled http_port_t, and so on. If the access vector does not allow httpd_t to operate on http_port_t, Apache will fail to start. Conversely, if we allow only port 80 and only read access to files labeled httpd_sys_content_t, then httpd_t cannot use any other port and cannot modify files labeled httpd_sys_content_t (they are read-only).
Prevent permission escalation
Feature 3: domain migration (domain transition), preventing privilege escalation
Suppose you run the peer-to-peer download program Azureus in your user environment. Your current domain is fu_t, but for security reasons you want Azureus to run in azureus_t. If you start Azureus from a command in a terminal, its process will by default inherit the fu_t domain of the shell you ran it from.
With domain migration, we can make Azureus run in the azureus_t domain we designate, which is better for security and does not affect fu_t.
The following is an example of a domain migration rule:
domain_auto_trans(fu_t, azureus_exec_t, azureus_t)
This means that when a file labeled azureus_exec_t is executed in the fu_t domain, the domain migrates from fu_t to azureus_t. The following is the migration map for starting Apache. Note that which domains may migrate to httpd_t is defined in the policy, so if we start Apache manually (/etc/init.d/httpd start) we may still be in sysadm_t, and the proper migration cannot take place. To start it manually, use the run_init command.
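The type enforcement checks for httpd_t and the domain migration rule above can be modeled in a few lines. This is an added example, not code from the original article or from SELinux itself; the rule tables are constructed, and httpd_exec_t and initrc_t are assumed names that the article does not mention.

```python
# Toy model of SELinux type enforcement; constructed rules, not real policy syntax.
# Access vector rules: (source domain, target type, object class) -> permissions.
ALLOW = {
    ("httpd_t", "httpd_sys_content_t", "file"): {"read", "getattr", "open"},
    ("httpd_t", "http_port_t", "tcp_socket"): {"name_bind"},
    ("fu_t", "azureus_exec_t", "file"): {"execute"},
    ("sysadm_t", "httpd_exec_t", "file"): {"execute"},   # httpd_exec_t: assumed
    ("initrc_t", "httpd_exec_t", "file"): {"execute"},   # initrc_t: assumed
}

# Automatic transitions: (caller domain, executable's type) -> new domain.
# The first entry models domain_auto_trans(fu_t, azureus_exec_t, azureus_t).
TRANSITIONS = {
    ("fu_t", "azureus_exec_t"): "azureus_t",
    ("initrc_t", "httpd_exec_t"): "httpd_t",  # assumed init-script path
}


def allowed(domain, target_type, obj_class, perm):
    """Default deny: grant only if an allow rule lists the permission."""
    return perm in ALLOW.get((domain, target_type, obj_class), set())


def exec_domain(domain, exec_type):
    """Return the domain of the process created when `domain` executes a file
    labeled `exec_type`. Simplified: real policy also checks the process
    transition and entrypoint permissions."""
    if not allowed(domain, exec_type, "file", "execute"):
        raise PermissionError(f"{domain} may not execute {exec_type}")
    # No transition rule: the new process inherits the caller's domain.
    return TRANSITIONS.get((domain, exec_type), domain)


if __name__ == "__main__":
    # httpd_t may read its content but not write it, and may not touch shadow_t.
    for perm, ttype in [("read", "httpd_sys_content_t"),
                        ("write", "httpd_sys_content_t"),
                        ("read", "shadow_t")]:
        print("httpd_t", perm, ttype, "->", allowed("httpd_t", ttype, "file", perm))
    # Azureus started from fu_t lands in azureus_t; httpd started from
    # sysadm_t stays in sysadm_t because no transition rule matches.
    print(exec_domain("fu_t", "azureus_exec_t"))
    print(exec_domain("sysadm_t", "httpd_exec_t"))
```
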
Give the user only the least privilege
Feature 4: RBAC (role-based access control), giving users only the least privilege
Users are divided into roles. Even the root user cannot perform sysadm_t management operations unless it is in the sysadm_r role, because which domains a role may enter is also set in the policy. Roles can also be migrated, but only as the policy defines.