Controlled Services
- Permissions are defined on objects and grouped together into object classes
- Examples
  - Process: code execution, transitions, entrypoints, signals, wait, ptrace, capabilities, etc.
  - File: fd inheritance and transfer, accesses to files, directories, file systems
  - Socket: accesses to sockets, messages, network interfaces, hosts
  - System V IPC: accesses to semaphores, message queues, shared memory
  - Security: accesses to security server services