Tips for Taming SE Linux, Part Two
With Fedora's mature SELinux implementation as your guide, let's dig in to how MAC security policies work in practice.
For now we're going to make sure we understand SELinux fundamentals, and take a look at the nice Fedora tools for managing SELinux.
Policies: The SELinux Master Control Center
SELinux calls users, processes, and programs subjects; objects are files, devices, sockets, ports, and sometimes other processes. In practice, subjects are the processes doing something, and objects are the targets of the operation.
SELinux uses a kind of role-based access control (RBAC) combined with type enforcement. Type enforcement enforces policy rules based on the types of processes and objects, which it tracks in a giant table. Types and domains are the same thing; you'll see both terms a lot.
Type enforcement means every subject on the system—that's right, all of them—has to have a type assigned to it. Types are stored in security contexts, which live in the extended attributes (xattrs) of the files. Because xattrs belong to the inode rather than the file name, the security context stays with the file no matter how many weirdo soft or hard links point at it, and it cannot be shaken off by silly evasions such as renaming the file or creating crafty softlinks.
Types are included in the security context. A security context has three elements, the identity, role, and type identifiers, written as identity:role:type. You can see these with the -Z option to the ls command:
$ ls -alZ /bin/ping
-rwsr-xr-x root root system_u:object_r:ping_exec_t:s0 /bin/ping
What do these fields mean? system_u is a system user, the SELinux identity. Files on disk do not have roles, so they are always object_r. ping_exec_t is the type for the ping command; you will also see documentation that calls this the domain.
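As an added example (not code from the original article), here is a small Python script that decomposes a context string the way ls -Z prints it, reads the label straight from the inode's security.selinux xattr, and checks the hard-link-and-rename claim above on a scratch file. It assumes a Linux host; the trailing s0 in the ls output is the MLS/MCS level that Fedora's targeted policy appends after the three fields the article names.

```python
import os
import tempfile
from typing import NamedTuple, Optional

class Context(NamedTuple):
    user: str   # SELinux identity, e.g. system_u
    role: str   # files on disk are always object_r
    type: str   # the type (also called the domain), e.g. ping_exec_t
    level: str  # MLS/MCS level, e.g. s0; "" if the policy has none

def parse_context(ctx: str) -> Context:
    """Split 'identity:role:type[:level]' into its fields. The level may
    itself contain ':' (e.g. s0-s0:c0.c1023), so split at most 3 times."""
    parts = ctx.rstrip("\0\n").split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not a security context: {ctx!r}")
    level = parts[3] if len(parts) == 4 else ""
    return Context(parts[0], parts[1], parts[2], level)

def context_from_ls_z(line: str) -> Context:
    """Pick the context column out of one line of `ls -alZ` output."""
    for field in line.split():
        if field.count(":") >= 2:  # clock times like 12:34 have one colon
            return parse_context(field)
    raise ValueError(f"no context column in: {line!r}")

def context_of(path: str) -> Optional[Context]:
    """Read the label straight from the inode's security.selinux xattr
    (not following symlinks). None if SELinux/xattrs are unavailable."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    except (OSError, AttributeError):
        return None
    return parse_context(raw.decode())

def label_survives_links() -> Optional[bool]:
    """Check the article's claim on a scratch file: a hard link shares the
    inode, so it, and a renamed copy of it, carry the same context.
    Returns None if this host does not label files."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "original")
        open(original, "w").close()
        ctx = context_of(original)
        if ctx is None:
            return None
        hard = os.path.join(d, "hardlink")
        os.link(original, hard)
        os.rename(hard, os.path.join(d, "renamed"))
        return context_of(os.path.join(d, "renamed")) == ctx
```

On a Fedora host label_survives_links() returns True; on a system without file labels it returns None rather than failing.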