What are the SELinux security mechanisms?

  
                

SELinux has long been considered the most secure Linux system, because it was developed by the National Security Agency and has multiple layers of security. So what are the SELinux security mechanisms? Let's take a look.

Type enforcement (TE) is the most prominent mandatory access control (MAC) mechanism that SELinux introduces. However, in some cases, especially in a subset of classified government applications, traditional MLS (multilevel security) mandatory access control combined with TE is very valuable. Recognizing this, SELinux also includes a form of MLS. In SELinux, the MLS features are optional and are the secondary of the two mandatory access control mechanisms. For most security applications, including many applications that have data classifications, TE policy is the most appropriate mechanism for enhancing security. Even so, the addition of MLS improves the security of some applications.

The actual implementation of MLS is very complicated. The security levels used by an MLS system are a combination of a hierarchical sensitivity and a set of non-hierarchical categories (which may be the empty set). These sensitivities and categories reflect the confidentiality of real information and the clearances of users. In most SELinux policies, the sensitivities (s0, s1…) and categories (c0, c1…) are given generic names, leaving it to user-space programs and libraries to assign names that are meaningful to users. (For example, s0 may be associated with UNCLASSIFIED, s1 may be associated with SECRET.)

To support MLS, the security context is extended to include security levels, such as these:

user:role:type:sensitivity[:category,…][-sensitivity[:category,…]]
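
As an added example, not code from the original article, the following Python parses the MLS security context format above and compares two levels. It goes beyond the text by accepting the SELinux range shorthand c0.c3 and by checking dominance (higher or equal sensitivity and a superset of categories); the contexts it uses are constructed samples and the function names are this example's own.

```python
import re

LEVEL_RE = re.compile(r"^s(\d+)(?::(.+))?$")   # sN with optional category list
CAT_RE = re.compile(r"^c(\d+)(?:\.c(\d+))?$")  # cN, or cN.cM (inclusive range)

def parse_level(text):
    """'s1:c0,c3.c5' -> (1, frozenset({0, 3, 4, 5}))"""
    m = LEVEL_RE.match(text)
    if not m:
        raise ValueError(f"bad MLS level: {text!r}")
    cats = set()
    for part in (m.group(2).split(",") if m.group(2) else []):
        c = CAT_RE.match(part)
        if not c or (c.group(2) and int(c.group(2)) < int(c.group(1))):
            raise ValueError(f"bad category: {part!r}")
        cats.update(range(int(c.group(1)), int(c.group(2) or c.group(1)) + 1))
    return int(m.group(1)), frozenset(cats)

def dominates(a, b):
    """a dominates b: sensitivity at least as high and categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def compare(a, b):
    """Levels form a partial order, so two levels can be incomparable."""
    if a == b:
        return "equal"
    if dominates(a, b):
        return "dominates"
    if dominates(b, a):
        return "dominated by"
    return "incomparable"

def parse_context(ctx):
    """Split user:role:type:low[-high]; a single level means low == high."""
    fields = ctx.split(":", 3)
    if len(fields) != 4:
        raise ValueError(f"not an MLS security context: {ctx!r}")
    user, role, type_, mls = fields
    low_text, sep, high_text = mls.partition("-")
    low = parse_level(low_text)
    high = parse_level(high_text) if sep else low
    if not dominates(high, low):
        raise ValueError(f"high level does not dominate low level: {mls!r}")
    return {"user": user, "role": role, "type": type_, "low": low, "high": high}

if __name__ == "__main__":
    # Constructed sample contexts, not taken from the article.
    proc = parse_context("user_u:user_r:user_t:s0-s1:c0.c3")
    doc = parse_context("system_u:object_r:etc_t:s1:c2,c7")
    print(compare(proc["high"], doc["low"]))
```

The two sample levels share sensitivity s1, but neither category set contains the other, so neither level dominates.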
