Chapter 6. Role-Based Access Control
Up to this point in the
book, we've looked at the functions SELinux provides
and the configuration files that direct its operation. However,
we've merely glanced at the SELinux policy language
that's used to specify the SELinux security policy.
Our situation is akin to that of a 15th or
16th century explorer who has studied maps
of the New World and dreamed of the exotic sights that may be found
there but has not yet ventured to sea. In this chapter, we at last
embark upon our sea voyage.
In this chapter and the following two chapters,
you'll find a detailed explanation of the SELinux
policy language and several related languages, such as those used to
specify file and security contexts. This chapter explains the SELinux
role-based access control policies, Chapter 7
explains the SELinux type-enforcement policies, and Chapter 8 explains other elements of the SELinux
policy. Of course, most likely your goal is not merely to understand
the SELinux policy language or SELinux security policies themselves,
though such skills are useful to the SELinux system administrator.
Instead, it's more likely that you want to be able
to specify new and modified SELinux security policies. If that is
your goal,
Chapter 6 through
Chapter 8
won't quite take you to the
end of your voyage, though you'll make landfall near
the end of Chapter 8. Then
you'll be ready for Chapter 9,
which explains how you can customize existing SELinux policies and
implement your own policies.
|
No comments:
Post a Comment