Embedded System Laboratory, Suzhou Institute for Advanced Study of USTC

Wikipedia says:
❖ Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies, including U.S. Department of Defense style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD. …
❖ Primarily developed by the US National Security Agency …
Operation diagram
[Figure: a Subject (e.g. a process) sends a Request for an Action (e.g. read) on an Object (e.g. a file) to the SELinux Security Server, which is backed by the SELinux Policy Database. Permission Granted? Yes: access to the Object. No: AVC Denied Message.]
Main contents
❖ Definition
❖ History
❖ Concepts
❖ Architecture
❖ SELinux Policy Language
❖ Userspace
❖ Implementation
❖ Usage
SELinux Timeline
1985: LOCK (early Type Enforcement)
1990: DTMach / DTOS
1995: Utah Fluke / Flask
1999: 2.2 Linux Kernel (patch)
2000:
2001: 2.4 Linux Kernel (patch)
2002: LSM
2003: 2.6 Linux Kernel (mainline)
2006: Full network labeling
Present