
SELinux Role Transition

The SELinux Role Based Access Control (RBAC) mechanism allows custom roles to be created and assigned to users. Each role bounds the set of SELinux types that a user in that role may assume, and a user's current type determines which operations it may perform; a role therefore bounds the permitted operations over both the operating system and the Trusted RDBMS. Additionally, each role defines the set of other roles to which a user may transition. Each role and its behavior is configured using SELinux text-based policy rules.

 

The following diagram illustrates a user logging into the system and transitioning to a role that is able to execute Trusted RUBIX operations. The text box in the lower left corner contains actual SELinux policy rules that correspond to the diagram.

 

Step 1: Linux user 'Bob' logs into the operating system. During login, the Linux user 'Bob' is mapped to the SELinux user 'dbadm_u'.

 

Step 2: An initial SELinux context is automatically constructed for user 'Bob'. The SELinux user component is from Step 1, 'dbadm_u'; the role component is the default role for the 'dbadm_u' SELinux user, 'staff_r'; the type component is the default type for the 'staff_r' role, 'staff_t'; the MLS/MCS level range is taken from the 'dbadm_u' SELinux user configuration and is 's0-s0'. Note that if the high and low level ranges are the same, they are displayed as a single value (i.e., 's0'). The SELinux context for 'Bob' upon login is 'dbadm_u:staff_r:staff_t:s0'. Typically, the 'staff_r' role would be configured to allow some operating system administrative abilities, but no Trusted RUBIX abilities. The user must transition into a new role to be able to perform DBMS duties.

 

Step 3: The user 'Bob' explicitly transitions to one of the reachable Trusted RUBIX roles: 'rubix_op_r', 'rubix_dbadm_r', or 'rubix_auditadm_r'. According to the SELinux policy rules, these are the only three roles that may be reached from the 'staff_r' role. In our example, the user would use the operating system newrole command to explicitly transition to a role. Once the user has transitioned to that role, he is able to perform Trusted RUBIX RDBMS duties, such as executing an ODBC application or performing an administrative operation (e.g., backing up the database).
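The three steps above, modelled as an added example that is not part of the original page or of Trusted RUBIX: a small parser for the policy statements the diagram relies on (user, role-types and role-allow rules) that constructs Bob's login context and checks a newrole request against the user's authorized roles and the role allow rules. The policy fragment, the login mapping, the default_type entries and the 'rubix_*_t' type names are constructed assumptions, and taking the first listed role as the user's default role is a simplification of how SELinux selects it.

```python
import re

# Constructed policy fragment reconstructing what the diagram describes
# (assumption: the rubix_*_t type names are hypothetical).
POLICY = """
user dbadm_u roles { staff_r rubix_op_r rubix_dbadm_r rubix_auditadm_r } level s0 range s0 - s0;
role staff_r types staff_t;
role rubix_op_r types rubix_op_t;
role rubix_dbadm_r types rubix_dbadm_t;
role rubix_auditadm_r types rubix_auditadm_t;
allow staff_r { rubix_op_r rubix_dbadm_r rubix_auditadm_r };
"""
# Constructed contexts/default_type entries (role:type) and the Linux-to-SELinux
# user mapping that Step 1 relies on.
DEFAULT_TYPE = "staff_r:staff_t\nrubix_op_r:rubix_op_t\nrubix_dbadm_r:rubix_dbadm_t\nrubix_auditadm_r:rubix_auditadm_t\n"
LOGIN_MAP = {"Bob": "dbadm_u"}

def ids(s):  # "{ a b }" or "a" -> ["a", "b"] / ["a"]
    return s.strip("{} ").split()

def parse_policy(text):
    """Parse user, role-types and role-allow statements (type AV rules are not modelled)."""
    users, role_types, role_allow = {}, {}, {}
    for stmt in text.split(";"):
        if m := re.match(r"\s*user (\S+) roles (\{[^}]*\}|\S+) level (\S+) range (.+)", stmt):
            users[m.group(1)] = (ids(m.group(2)), m.group(3), m.group(4).replace(" ", ""))
        elif m := re.match(r"\s*role (\S+) types (\{[^}]*\}|\S+)", stmt):
            role_types.setdefault(m.group(1), set()).update(ids(m.group(2)))
        elif m := re.match(r"\s*allow (\S+) (\{[^}]*\}|\S+)", stmt):
            role_allow.setdefault(m.group(1), set()).update(ids(m.group(2)))
    return users, role_types, role_allow

def collapse(rng):
    """Display a range whose low and high levels are equal as a single level ('s0-s0' -> 's0')."""
    lo, _, hi = rng.partition("-")
    return lo if hi in ("", lo) else rng

def login_context(linux_user, policy=POLICY, login_map=LOGIN_MAP, default_type=DEFAULT_TYPE):
    users, _, _ = parse_policy(policy)
    seuser = login_map[linux_user]              # Step 1: Linux user -> SELinux user
    roles, _, rng = users[seuser]
    role = roles[0]                             # Step 2: default role (first listed, simplified)
    types = dict(line.split(":") for line in default_type.split())
    return f"{seuser}:{role}:{types[role]}:{collapse(rng)}"

def newrole(context, new_role, policy=POLICY, default_type=DEFAULT_TYPE):
    """Step 3: return the context after 'newrole -r new_role', or refuse it."""
    users, role_types, role_allow = parse_policy(policy)
    seuser, role, _, level = context.split(":", 3)   # level may itself contain ':'
    if new_role not in users[seuser][0]:
        raise PermissionError(f"{seuser} is not authorized for role {new_role}")
    if new_role not in role_allow.get(role, set()):
        raise PermissionError(f"no role allow rule from {role} to {new_role}")
    new_type = dict(line.split(":") for line in default_type.split())[new_role]
    if new_type not in role_types.get(new_role, set()):
        raise PermissionError(f"type {new_type} is not permitted for role {new_role}")
    return f"{seuser}:{new_role}:{new_type}:{level}"
```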

 

SELinux Role Transitions Diagram