First page Back Continue Last page Overview Graphics
Role-Based Access Control
Roles for processes
Specifies domains that can be entered by each role
Specifies roles that are authorized for each user
Initial domain associated with each user role
Ease of management of RBAC with fine granularity of TE
Notes:
Not a traditional RBAC model.
Roles are only used to assign domains to users, not to directly grant permissions.
But unlike traditional RBAC, SELinux RBAC/TE hybrid allows confinement of malicious and flawed programs using domains.