Research Menu

Skip Search Box

SELinux Documentation

A Security Policy Configuration for the Security-Enhanced Linux

Stephen Smalley and Timothy Fraser (NAI Labs)

First published: December 2000
Last revised: February 2001


The National Security Agency's Information Assurance Research Office is integrating a flexible mandatory access control architecture called Flask into the Linux operating system. The Secure Execution Environments group at NAI Labs is developing a Role-Based Access Control (RBAC) and Type Enforcement (TE) security policy configuration for Security-enhanced Linux. This report describes the current state of this security policy configuration. The report begins with an overview of the security policy configuration. It then discusses the details of the configuration for Type Enforcement, Role-Based Access Control, users, constraints, and security contexts. A separate configuration used to initially set file security contexts is then described. Finally, the report describes configuration extensions to support the installation of the system.

* To view documents stored as Portable Document Format (PDF) files your local computer must have a viewer application or a Web browser plug-in that supports the PDF file format.

Linux is a registered trademark of Linus Torvalds
NAI is a trademark of Networks Associates Technology, Inc.
Type Enforcement is a registered trademark of Secure Computing Corporation


Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009