
SELinux


Security Enhanced Linux (SELinux) is an open source project that integrates a general purpose Mandatory Access Control (MAC) security policy enforcement mechanism into UNIX/Linux based operating systems. It is supported by the National Security Agency (NSA) and an active open source community. It is included and enabled by default in the Red Hat Enterprise Linux (including RHEL clones, Scientific Linux and CentOS) and Fedora operating systems.

 

SELinux includes distinct MAC policy mechanisms: Type Enforcement (TE), Role Based Access Control (RBAC), and Multilevel Security (MLS). SELinux uses a text-based scripting language to configure the behavior of all policies. Security administrators may customize each policy by modifying, compiling, and installing the policy script associated with a particular site. The SELinux policy may cover both operating system and DBMS objects and operations.

 

The SELinux security model assigns every Linux object (file, directory, socket, process, etc.) an object class and a set of operations, also called permissions, on the object class. The model assigns a type to each instantiated subject and object. The type assigned to each instantiated subject (e.g., a process) is generally referred to as a domain or a domain type. The heart of the SELinux mechanism is a set of rules that define which operations a subject with a specific domain may perform given the target object's class and type. The enforcement of these rules is known as Type Enforcement (TE). In addition to TE rules that allow or deny an operation, rules also exist that determine how types are assigned to subjects and objects (i.e., how subjects and objects are labeled).

 

Each subject and object is assigned a string-based security label called a context. The context consists of four components: the SELinux user, the role, the type (or domain), and a Multi Level Security/Multi-Category Security (MLS/MCS) level range. An object's context is calculated and assigned when the object is created and is generally static. A subject's context typically changes during the subject's session. All components except the SELinux user may change.

 

The SELinux RBAC mechanism allows custom roles to be created and assigned to users. The RBAC features determine which contexts a given subject may acquire. A subject's initial role is either explicitly set upon login or is taken from the assigned default role. Each role has an assigned set of types, and a subject may transition to a type only if the type is associated with its role. Furthermore, a subject may only transition from one role to another if rules are defined allowing the transition. Each role and its behavior are configured using SELinux text-based policy rules.

 

In addition to TE rule enforcement, SELinux also optionally enforces MLS or MCS. Both MLS and MCS restrict all levels to a single sensitivity level with multiple categories. Additionally, MCS is a discretionary policy allowing an object's owner to set the categories for that object. Trusted RUBIX does not support the discretionary aspects of the MCS policy; that is, an owner of an object may not change the MCS categories associated with that object. For an operation to be permitted, the TE rules and the MLS/MCS rules must both be satisfied.
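A simplified model of the decision described above, as an added example that is not Trusted RUBIX or SELinux code: it parses the four-part context and grants an operation only when both a TE allow rule and a level dominance check pass. The type names, the allow rule and the labels are constructed, and the single dominance check is an assumption standing in for the policy's MLS/MCS constraint rules.

```python
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    low: tuple    # (sensitivity number, frozenset of category numbers)
    high: tuple

def _level(spec):
    """Parse one level such as 's0' or 's0:c0.c3,c7'."""
    sens, _, cats = spec.partition(":")
    nums = set()
    for part in filter(None, cats.split(",")):
        first, _, last = part.partition(".")      # 'c0.c3' is the span c0..c3
        nums.update(range(int(first[1:]), int((last or first)[1:]) + 1))
    return int(sens[1:]), frozenset(nums)

def parse_context(label):
    """Split 'user:role:type:range' into its four components."""
    parts = label.split(":", 3)    # the level range itself may contain ':'
    if len(parts) != 4:
        raise ValueError(f"not a four-part context: {label!r}")
    low, _, high = parts[3].partition("-")
    return Context(parts[0], parts[1], parts[2], _level(low), _level(high or low))

def dominates(a, b):
    """Level a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def permitted(subj, obj, tclass, perm, allow_rules):
    """Grant only if a TE allow rule matches AND the level check passes.
    Assumption: the level check is 'subject high level dominates object level';
    real policies express this per permission in constraint statements."""
    te_ok = perm in allow_rules.get((subj.type, obj.type, tclass), set())
    return te_ok and dominates(subj.high, obj.high)

# Constructed sample policy and labels (hypothetical type names).
ALLOW = {("dbclient_t", "payroll_table_t", "db_table"): {"select"}}
CLIENT = parse_context("staff_u:staff_r:dbclient_t:s0-s0:c0.c3")
PAYROLL = parse_context("system_u:object_r:payroll_table_t:s0:c1,c2")
AUDIT = parse_context("system_u:object_r:payroll_table_t:s0:c9")

if __name__ == "__main__":
    for name, obj in (("payroll", PAYROLL), ("audit", AUDIT)):
        for perm in ("select", "update"):
            print(name, perm, permitted(CLIENT, obj, "db_table", perm, ALLOW))
```

The audit row shares the payroll row's type, so the TE rule matches, yet the request is refused because category c9 lies outside the client's range.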

 

Trusted RUBIX is SELinux security enforcing software. It interacts with the SELinux functionality of the underlying operating system to extend SELinux security controls to all Trusted RUBIX subjects and objects. SELinux policy rules may be added to the operating system's SELinux policy repository to define security behavior for all Trusted RUBIX subjects and objects. Custom SELinux roles and security behavior may be created that will define the security behavior over both SELinux and Trusted RUBIX objects, allowing for a coherent security policy across all objects on the platform. To simplify policy development, interfaces (analogous to procedure calls) are used to provide a more programmatic environment for creating complex policies.

 

Trusted RUBIX integrates the SELinux policies into its DBMS, providing MAC security for all DBMS objects and operations. To learn more about the capabilities of Trusted RUBIX and SELinux please see the links at the bottom of this page or see the Trusted RUBIX SELinux White Paper.