Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Removing DAC.
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 24 Mar 2008 13:45:13 -0400
On Mon, 2008-03-24 at 14:29 -0300, cinthya aranguren wrote:
SELinux does not use the DAC attributes (uid, gid, mode bits) as part of its decision. SELinux does however control the use of capabilities/privileges in accordance with its policy. And it does have a notion of user identity in its security context, although that is separately managed and is usually used just as a "role set" construct in modern SELinux (e.g. staff_u authorized for staff_r and sysadm_r). -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 24 Mar 2008 - 13:47:09 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |