Meeting Security Objectives

The SELinux release includes a general-purpose security policy configuration, designed to meet a number of security objectives, as an example of how a system may be secured [16]. The example RBAC configuration is very simple. All system processes run in the system_r role. Two roles are currently defined for users: user_r for ordinary users and sysadm_r for system administrators.

Most of the policy is specified through the example TE configuration. Separate domains are defined for various system processes and authorized for the system_r role. Each user role has an associated initial login domain: the user_t domain for the user_r role and the sysadm_t domain for the sysadm_r role. This initial login domain is associated with the user's initial login shell. As the user executes programs, domain transitions occur automatically as needed to change privileges. Different sets of domains are authorized for each of the user roles.

The rest of this section describes how the TE configuration meets a specific set of security objectives. It provides and explains detailed examples of the configuration to address each objective. In some cases, macros in the actual configuration have been expanded for the excerpts in this section to reveal greater detail about the configuration. Additionally, in some cases, the full expansion of a macro has been pruned for brevity.