Home > Articles > Operating Systems, Server > Linux/UNIX/Open Source

  • Print
  • + Share This
This chapter is from the book

Exercises

  1. What is a "domain" and how is it related to or different from a type?

  2. What are the access control attributes used by SELinux type enforcement security to control access? What portion of the attribute is used by type enforcement for access control?

  3. Let's assume that we have a file named datafile with the following security attributes:

    -r-xr-xr-x root root system_u:object_r:data_t datafile

    Let's also assume that your shell process type is user_t and that type has all access permissions for file objects of type data_t. Can you read and/or write this file? Why or why not?

  4. For SELinux to allow a domain transition, a number of access permissions must be allowed among three types. What are the access permissions required and between what types? What do the types represent?

  5. In answering Question 4, was a type_transition rule required? Why or why not?

  6. In SELinux, a role is not used as a basis for access control, but it can prevent a domain transition from succeeding. How and why?

Extra credit: Examine the SELinux configuration file /etc/selinux/config. What are the possible states in which SELinux can run and what do each mean? How do the settings in this file differ from using the setenforce command?

  • + Share This
  • 🔖 Save To Your Account