SELinux is the access control system developed by the NSA. It is a relatively new technology that has been included in the 2.6 kernel. More importantly, SELinux is becoming a central security mechanism in various distributions, including the recently released Red Hat Enterprise Linux 4. Mayer et al. will help the reader to: understand the purpose of the new security technology SELinux brings to Linux; learn the reference for all aspects of SELinux security policy language; manage and maintain security of SELinux-based distributions such as Red Hat REL4; develop and write new SELinux security policy modules; and understand how to use SELinux to build secure systems. Product Description
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel-and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions-it's easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies- including the powerful new Reference Policy-showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
. Thoroughly understand SELinux's access control and security mechanisms
. Use SELinux to construct secure systems from the ground up
. Gain fine-grained control over kernel resources
. Write policy statements for type enforcement, roles, users, and constraints
. Use optional multilevel security to enforce information classification and manage users with diverse clearances
. Create conditional policies that can be changed on-the-fly
. Define, manage, and maintain SELinux security policies
. Develop and write new SELinux security policy modules
. Leverage emerging SELinux technologies to gain even greater flexibility
. Effectively administer any SELinux system
Backcover
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel-and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions-it's easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies- including the powerful new Reference Policy-showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
. Thoroughly understand SELinux's access control and security mechanisms
. Use SELinux to construct secure systems from the ground up
. Gain fine-grained control over kernel resources
. Write policy statements for type enforcement, roles, users, and constraints
. Use optional multilevel security to enforce information classification and manage users with diverse clearances
. Create conditional policies that can be changed on-the-fly
. Define, manage, and maintain SELinux security policies
. Develop and write new SELinux security policy modules
. Leverage emerging SELinux technologies to gain even greater flexibility
. Effectively administer any SELinux system
Front Matter i Preface xix
Chapter 1: Background 3
Chapter 2: Concepts 15
Chapter 3: Architecture 39
Chapter 4: Object Classes and Permissions 59
Chapter 5: Type Enforcement 89
Chapter 6: Roles and Users 129
Chapter 7: Constraints 149
Chapyer 8: Multilevel Security 163
Chapter 9: Conditional Policies 183
Chapter 10: Object Labeling 205
Chapter 11: Original Example Policy 239
Chapter 12: Reference Policy 265
Chapter 13: Managing an SELinux System 295
Chapter 14: Writing Policy Modules 325
Appendix A: Obtaining SELinux Sample Policies 363
Appendix B: Participation and Further Information 369
Appendix C: Object Classes and Permissions 375
Appendix D: SELinux Commands and Utilities 401
Index 409
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel-and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions-it's easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies- including the powerful new Reference Policy-showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
. Thoroughly understand SELinux's access control and security mechanisms
. Use SELinux to construct secure systems from the ground up
. Gain fine-grained control over kernel resources
. Write policy statements for type enforcement, roles, users, and constraints
. Use optional multilevel security to enforce information classification and manage users with diverse clearances
. Create conditional policies that can be changed on-the-fly
. Define, manage, and maintain SELinux security policies
. Develop and write new SELinux security policy modules
. Leverage emerging SELinux technologies to gain even greater flexibility
. Effectively administer any SELinux system
Backcover
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel-and delivered by default in Fedora Core, Red Hat Enterprise Linux, and other major distributions-it's easier than ever to take advantage
of its benefits.
SELinux by Example is the first complete, hands-on guide to using SELinux in production environments. Authored by three leading SELinux researchers and developers, it illuminates every facet of working with SELinux, from its architecture and security object model to its policy language. The book thoroughly explains SELinux sample policies- including the powerful new Reference Policy-showing how to quickly adapt them to your unique environment. It also contains a comprehensive SELinux policy language reference and covers exciting new features in Fedora Core 5 and the upcoming Red Hat Enterprise Linux version 5.
. Thoroughly understand SELinux's access control and security mechanisms
. Use SELinux to construct secure systems from the ground up
. Gain fine-grained control over kernel resources
. Write policy statements for type enforcement, roles, users, and constraints
. Use optional multilevel security to enforce information classification and manage users with diverse clearances
. Create conditional policies that can be changed on-the-fly
. Define, manage, and maintain SELinux security policies
. Develop and write new SELinux security policy modules
. Leverage emerging SELinux technologies to gain even greater flexibility
. Effectively administer any SELinux system
Front Matter i Preface xix
Chapter 1: Background 3
Chapter 2: Concepts 15
Chapter 3: Architecture 39
Chapter 4: Object Classes and Permissions 59
Chapter 5: Type Enforcement 89
Chapter 6: Roles and Users 129
Chapter 7: Constraints 149
Chapyer 8: Multilevel Security 163
Chapter 9: Conditional Policies 183
Chapter 10: Object Labeling 205
Chapter 11: Original Example Policy 239
Chapter 12: Reference Policy 265
Chapter 13: Managing an SELinux System 295
Chapter 14: Writing Policy Modules 325
Appendix A: Obtaining SELinux Sample Policies 363
Appendix B: Participation and Further Information 369
Appendix C: Object Classes and Permissions 375
Appendix D: SELinux Commands and Utilities 401
Index 409
SELinux: Bring World-Class Security to Any Linux Environment!
SELinux offers Linux/UNIX integrators, administrators, and developers a state-of-the-art platform for building and maintaining highly secure solutions. Now that SELinux is included in the Linux 2.6 kernel