SELinux by Example: Using Security Enhanced Linux

Index

abstraction, reference policy modularity,

accept permission,

access

     apol (policy analysis tool)

         conditional policies

         object classes

         object labeling

         TE (type enforcement)

         user roles

     constraints

         elements of constrain statement

         LSM (Linux Security Module)

         MLS (multilevel security)

         validatetrans statement

     control [See TE (type enforcement), access control.]

     RBAC (role-based access control)

         basics

         object security contexts

         privilege management

     user identifiers

         declaring users

         mapping Linux users to SELinux users

     user roles

         role allow rule

         role declaration statement

         role dominance statement

         transition rules

access control

     evolution in operating systems

         DAC mechanism weaknesses

         MAC origins

         reference monitor

         SELinux evolution

         TE (type enforcement)

     security context

         basics

         SELinux versus standard Linux

     TE (type enforcement)

         domain transitions

         password management program example

         standard Linux SetUID programs

         type transition rule

access interfaces, reference policy modularity,

access revocation,

access vector (AV) rules,

     allow rules

     audit rules

     basic syntax 2nd

         attributes

         keys

         multiple types and attributes

         object classes and permissions

         self keyword

         special operators

         type negation

     neverallow rule

access vector cache (AVC), 2nd

access vector statements

     associating permissions with object class

     syntax

aliases, TE (type enforcement),

allow rules, 2nd 3rd 4th

allow statement, conditional statement,

analysis, policy modules,

Anderson Report,

APIs (application programming interfaces),

apol (policy analysis tool),

     conditional policies

     object classes

     object labeling

     TE (type enforcement)

append permission, 2nd

application programming interfaces (APIs),

architectures

     kernels

         Flask architecture

         LSM (Linux Security Module)

         userspace object managers

     policy languages

         checkpolicy program

         installing monolithic policies

         loadable modules

         monolithic policy

associate permission,

association object class,

association permissions,

attributes

     AC (access vector) syntax

     associating types

     AV (access vector) syntax

     processes

     statements

     TE (type enforcement)

audit messages

     evaluating

     system administration

         AVC messages

         general messages

         seaudit tool

audit rules, access vector rules,

audit2allow tool,

audit2why tool,

auditallow rule,

auditallow statement, conditional statement,

auditdeny rule,

ausearch tool,

automatic relabeling, file-related object labeling,

AV (access vector) rules,

     allow rules

     audit rules

     basic syntax 2nd

         attributes

         keys

         multiple types and attributes

         object classes and permissions

         self keyword

         special operators

         type negation

     neverallow rule

AVC (access vector cache), 2nd

AVC messages, 2nd

avcstat tool,
