SELinux models

From SELinux Wiki

Introduction to SELinux security models and concepts

SELinux implements a security model that combines SELinux User Identities, Role-Based Access Control and Type Enforcement. Optional models that can be layered on top of these are User-Based Access Control, Multi Level Security and Multi Category Security. Each of these models has a Security attribute, and the combination of these Security attributes is called a Security context. A Security context is written as the colon-separated fields user:role:type, followed by a level or level range when Multi Level Security or Multi Category Security is enabled, for example system_u:system_r:httpd_t:s0.

SELinux User Identities

The SELinux User Identity attribute is the first attribute in the Security context. This attribute is used to assign SELinux Roles, and Security Level ranges or Security Category ranges, to Linux User Identities. SELinux User Identities are independent of Linux User Identities: a Linux user is mapped to an SELinux user by the policy's login mappings, and several Linux users can share one SELinux User Identity. Constraints in the security policy define whether the SELinux User Identity of a process can be changed.

Role-Based Access Control

The Role-Based Access Control attribute is the second attribute in the Security context. Roles group the security domains (process types) that an SELinux User Identity is allowed to enter, so this attribute ties a user identity to the domains its processes may run in. Role-Based Access Control is only applicable to processes; the SELinux Role attribute in Security contexts for objects is the generic role object_r.

Type Enforcement

The Type Enforcement attribute is the third attribute in the Security context. This attribute assigns a type to every process (where it is usually called a domain) and to every object. Allow rules in the policy, written in terms of these types, define how processes and objects can interact; any access not explicitly allowed is denied. Type transition rules define the default type that a new process or object receives, and whether a process is permitted to change its type at all is governed by allow rules on the process class (the transition permission) together with the execute and entrypoint permissions on the file being executed.
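The following is an added example, not SELinux or reference-policy code. It is a toy evaluator for the two rule kinds described above: allow rules, which list the permissions a source type holds on a target type of a given object class, and type_transition rules, which give the default type of a newly created object or newly executed process. The type names follow reference-policy naming (httpd_t, httpd_exec_t, tmp_t and so on) but the rule set is constructed and heavily reduced; it is not the real policy, and the three-rule domain transition check is the only piece that mirrors what the kernel actually requires.

```python
"""Toy Type Enforcement evaluator (added example, not SELinux code).

Models allow rules (default deny) and type_transition rules, including the
three allow rules a domain transition needs: execute on the file,
transition to the new domain, and entrypoint for the new domain.
The policy built by build_policy() is constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class AllowRule:
    source: str          # type of the acting process (its domain)
    target: str          # type of the object, or of the target process
    cls: str             # object class: "file", "process", "dir", ...
    perms: frozenset     # permissions granted


@dataclass(frozen=True)
class TypeTransition:
    source: str          # creating or executing domain
    target: str          # type of the parent dir, or of the executable
    cls: str             # class of the new object ("process" for exec)
    new_type: str        # type the new object or process receives


@dataclass
class Policy:
    allows: list = field(default_factory=list)
    transitions: list = field(default_factory=list)

    def allowed(self, source: str, target: str, cls: str, perm: str) -> bool:
        """Default deny: a permission exists only if some allow rule grants it."""
        return any(r.source == source and r.target == target
                   and r.cls == cls and perm in r.perms
                   for r in self.allows)

    def default_type(self, source: str, target: str, cls: str) -> str:
        """Type a new object gets. Without a type_transition rule a new file
        inherits its parent directory's type and a process keeps its
        current domain across exec."""
        for t in self.transitions:
            if (t.source, t.target, t.cls) == (source, target, cls):
                return t.new_type
        return source if cls == "process" else target

    def domain_transition(self, domain: str, exec_type: str) -> Optional[str]:
        """Domain reached by executing a file of exec_type from `domain`.

        Returns None when the process stays in its domain, or when a
        transition is wanted but one of the three required allow rules
        is missing (the exec would then be denied)."""
        new = self.default_type(domain, exec_type, "process")
        if new == domain:
            return None
        permitted = (self.allowed(domain, exec_type, "file", "execute")
                     and self.allowed(domain, new, "process", "transition")
                     and self.allowed(new, exec_type, "file", "entrypoint"))
        return new if permitted else None


def build_policy(with_entrypoint: bool = True) -> Policy:
    """Constructed mini-policy (assumed rules): init may start httpd, httpd may
    read web content and create temp files that get their own type."""
    p = Policy()
    p.allows.append(AllowRule("init_t", "httpd_exec_t", "file", frozenset({"read", "open", "execute"})))
    p.allows.append(AllowRule("init_t", "httpd_t", "process", frozenset({"transition"})))
    if with_entrypoint:
        p.allows.append(AllowRule("httpd_t", "httpd_exec_t", "file", frozenset({"entrypoint"})))
    p.allows.append(AllowRule("httpd_t", "httpd_sys_content_t", "file", frozenset({"read", "open", "getattr"})))
    p.allows.append(AllowRule("httpd_t", "httpd_tmp_t", "file", frozenset({"create", "read", "write", "open"})))
    p.transitions.append(TypeTransition("init_t", "httpd_exec_t", "process", "httpd_t"))
    p.transitions.append(TypeTransition("httpd_t", "tmp_t", "file", "httpd_tmp_t"))
    return p


if __name__ == "__main__":
    policy = build_policy()
    print("init_t exec httpd_exec_t ->", policy.domain_transition("init_t", "httpd_exec_t"))
    print("httpd_t read content:", policy.allowed("httpd_t", "httpd_sys_content_t", "file", "read"))
    print("httpd_t write content:", policy.allowed("httpd_t", "httpd_sys_content_t", "file", "write"))
    print("new file under tmp_t gets:", policy.default_type("httpd_t", "tmp_t", "file"))
```

Dropping the entrypoint rule (build_policy(with_entrypoint=False)) makes the transition fail even though the type_transition rule is present, which is the usual shape of a "permission denied on exec" AVC when a new domain is added to a policy.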

Optional models and concepts

User-Based Access Control

User-Based Access Control does not add an attribute of its own: it reuses the SELinux User Identity attribute, the first attribute in the Security context. It is an optional extension to the SELinux User Identity concept, used to achieve separation between SELinux User Identities. Constraints in the security policy define how processes running under one SELinux User Identity can interact with resources owned by another.

Multi Level Security

The Multi Level Security attribute is the fourth attribute in the Security context. This attribute assigns Security levels, each made up of a sensitivity and a set of Security compartments (categories), to processes and objects in order to enforce confidentiality; a process carries a range whose low end is its current level and whose high end is its clearance. Constraints in the security policy (mlsconstrain rules) define how processes and files can interact. Processes are forced to operate at specified Security Levels and in specified Security Compartments. The Multi Level Security model enforces the Bell-LaPadula "no read up and no write down" policy: a process may only read objects whose level it dominates, and may not write to objects below its own level. Multi Level Security and Multi Category Security are mutually exclusive.

Multi Category Security

The Multi Category Security attribute is the fourth attribute in the Security context. This attribute is used to assign Security Categories to processes and objects. The Security level attribute in Multi Category Security contexts is generic: the sensitivity is always s0, so only the category sets decide. Constraints in the security policy define how processes and files can interact. Multi Category Security is an implementation of the Multi Level Security mechanism in which the assignment and use of Security Categories is at the discretion of the user or administrator, for instance to keep virtual machines or containers with different category sets from touching each other's resources. Multi Category Security and Multi Level Security are mutually exclusive.
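The following is an added example, not SELinux or libselinux code, serving both the introduction (what a Security context is made of) and the two sections above. It parses a context into its user, role, type and optional level range, expands category lists and dot ranges, and applies the "no read up, no write down" rule exactly as stated above. A real policy decides the outcome through its mlsconstrain rules, which may be stricter than this model. All sample contexts are constructed; the type names are borrowed from reference-policy naming only for readability.

```python
"""Security-context parser with Bell-LaPadula dominance (added example).

Context syntax handled: "user:role:type[:low[-high]]", each level being
"sN" optionally followed by ":cats", where cats is a comma list of single
categories (c3) or dot ranges (c0.c5). Sample contexts are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

LEVEL_RE = re.compile(r"^s(\d+)(?::(.+))?$")
CAT_RE = re.compile(r"^c(\d+)(?:\.c(\d+))?$")


@dataclass(frozen=True)
class Level:
    sensitivity: int
    categories: frozenset

    @classmethod
    def parse(cls, text: str) -> "Level":
        m = LEVEL_RE.match(text)
        if not m:
            raise ValueError(f"bad level: {text!r}")
        cats = set()
        if m.group(2):
            for piece in m.group(2).split(","):
                cm = CAT_RE.match(piece)
                if not cm:
                    raise ValueError(f"bad category: {piece!r}")
                lo = int(cm.group(1))
                hi = int(cm.group(2)) if cm.group(2) else lo
                if hi < lo:
                    raise ValueError(f"inverted category range: {piece!r}")
                cats.update(range(lo, hi + 1))
        return cls(int(m.group(1)), frozenset(cats))

    def dominates(self, other: "Level") -> bool:
        """Sensitivity at least as high and a superset of the categories."""
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str
    low: Optional[Level] = None    # current level of a process; level of an object
    high: Optional[Level] = None   # clearance of a process; equals low if no range

    @classmethod
    def parse(cls, text: str) -> "Context":
        # maxsplit=3 keeps the colon inside the range (e.g. s0:c0.c1023) intact
        parts = text.split(":", 3)
        if len(parts) < 3 or not all(parts[:3]):
            raise ValueError(f"bad context: {text!r}")
        user, role, type_ = parts[:3]
        low = high = None
        if len(parts) == 4:
            ends = parts[3].split("-")
            if len(ends) > 2:
                raise ValueError(f"bad range: {parts[3]!r}")
            low = Level.parse(ends[0])
            high = Level.parse(ends[1]) if len(ends) == 2 else low
            if not high.dominates(low):
                raise ValueError(f"high level does not dominate low: {parts[3]!r}")
        return cls(user, role, type_, low, high)


def mls_allows(process: Context, obj: Context, access: str) -> bool:
    """No read up, no write down, judged at the process's current (low) level.
    Contexts without a level (policy without MLS/MCS) impose no restriction."""
    if process.low is None or obj.low is None:
        return True
    if access == "read":
        return process.low.dominates(obj.low)
    if access == "write":
        return obj.low.dominates(process.low)
    raise ValueError(f"unknown access {access!r}")


if __name__ == "__main__":
    httpd = Context.parse("system_u:system_r:httpd_t:s0-s0:c0.c1023")
    print(httpd.user, httpd.role, httpd.type, "categories in clearance:", len(httpd.high.categories))
    analyst = Context.parse("staff_u:staff_r:staff_t:s2:c1")      # MLS: sensitivity and categories
    for label in ("s1:c1", "s3:c1", "s2:c2"):
        doc = Context.parse("system_u:object_r:user_home_t:" + label)
        print(label, "read:", mls_allows(analyst, doc, "read"), "write:", mls_allows(analyst, doc, "write"))
    vm = Context.parse("system_u:system_r:svirt_t:s0:c12,c34")     # MCS: always s0, categories decide
    own = Context.parse("system_u:object_r:svirt_image_t:s0:c12,c34")
    other = Context.parse("system_u:object_r:svirt_image_t:s0:c56,c78")
    print("own disk:", mls_allows(vm, own, "read"), "other VM's disk:", mls_allows(vm, other, "read"))
```

The parser rejects a range whose high level does not dominate its low level, which is the same check the kernel applies when a context is validated, so a malformed clearance such as s0:c5-s1 never gets as far as an access decision.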

--DominickGrift 06:31, 2 July 2009 (PDT)