
SELinux Concepts


Exercises

  1. What is a "domain" and how is it related to or different from a type?

  2. What are the access control attributes used by SELinux type enforcement security to control access? What portion of the attribute is used by type enforcement for access control?

  3. Let's assume that we have a file named datafile with the following security attributes:

    -r-xr-xr-x root root system_u:object_r:data_t datafile

    Let's also assume that your shell process type is user_t and that type has all access permissions for file objects of type data_t. Can you read and/or write this file? Why or why not?

  4. For SELinux to allow a domain transition, a number of access permissions must be allowed among three types. What are the access permissions required and between what types? What do the types represent?

  5. In answering Question 4, was a type_transition rule required? Why or why not?

  6. In SELinux, a role is not used as a basis for access control, but it can prevent a domain transition from succeeding. How and why?

Extra credit: Examine the SELinux configuration file /etc/selinux/config. What are the possible states in which SELinux can run, and what does each mean? How do the settings in this file differ from using the setenforce command?
