Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux DocumentationUsing GConf as an Example of How to Create an Userspace Object ManagerJames Carter (National Security Agency) AbstractGConf is a configuration system for GNOME. It does not provide adequate security controls over the configuration data that it manages, which could allow the security goals of the system to be violated. There are various strategies that can be used to provide security controls over an application under SELinux. One strategy, which is a natural part of implementing the Flask architecture on Linux, is to turn the program into a userspace object manager. This paper discusses the general process of providing SELinux controls over a program and the specific steps taken to provide SELinux controls over GConf. The paper appears in the Proceedings of the 2007 SELinux Symposium and is also available here in: The 2007 SELinux Symposium presentation slides are available here in: * To view documents stored as Portable Document Format (PDF) files your local computer must have a viewer application or a Web browser plug-in that supports the PDF file format.Linux is a registered trademark of Linus Torvalds |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |