| 1. | What is a "domain" and how is it related to or different from a type? |
| 2. | What are the access control attributes used by SELinux type enforcement security to control access? What portion of the attribute is used by type enforcement for access control? |
| 3. | Let's assume that we have a file named datafile with the following security attributes: -r-xr-xr-x root root system_u:object_r:data_t datafile Let's also assume that your shell process type is user_t and that type has all access permissions for file objects of type data_t. Can you read and/or write this file? Why or why not? |
| 4. | For SELinux to allow a domain transition, a number of access permissions must be allowed among three types. What are the access permissions required and between what types? What do the types represent? |
| 5. | In answering Question 4, was a type_transition rule required? Why or why not? |
| 6. | In SELinux, a role is not used as a basis for access control, but it can prevent a domain transition from succeeding. How and why? |