From: Richard Haines <richard_c_haines@btinternet.com>
To: paul@paul-moore.com, selinux@vger.kernel.org
Cc: Richard Haines <richard_c_haines@btinternet.com>
Subject: [PATCH 02/13] mac: Tidy formatting
Date: Wed, 2 Sep 2020 14:17:27 +0100
Message-ID: <20200902131738.18425-3-richard_c_haines@btinternet.com>
In-Reply-To: <20200902131738.18425-1-richard_c_haines@btinternet.com>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
src/mac.md | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/mac.md b/src/mac.md
index 7b88c24..7f673fe 100644
--- a/src/mac.md
+++ b/src/mac.md
@@ -9,13 +9,13 @@ Each of the subjects and objects have a set of security attributes that
can be interrogated by the operating system to check if the requested
operation can be performed or not. For SELinux the:
-- [**subjects**](subjects.md#subjects) are processes.
-- [**objects**](objects.md#objects) are system resources such as files,
- sockets, etc.
-- security attributes are the [**security context**](security_context.md#security-context).
-- Security Server within the Linux kernel authorizes access (or not)
- using the security policy (or policy) that describes rules that must
- be enforced.
+- [**subjects**](subjects.md#subjects) are processes.
+- [**objects**](objects.md#objects) are system resources such as files,
+ sockets, etc.
+- security attributes are the [**security context**](security_context.md#security-context).
+- Security Server within the Linux kernel authorizes access (or not)
+ using the security policy (or policy) that describes rules that must
+ be enforced.
Note that the subject (and therefore the user) cannot decide to bypass
the policy rules being enforced by the MAC policy with SELinux enabled.
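Review bot: the four removed list items in this hunk and the four added ones read the same word for word, so the change is whitespace only, yet the commit message consists of the subject "Tidy formatting" with no body. Please add a sentence to the message saying what is being normalised (for example the list indentation), so a reviewer can confirm with a whitespace-insensitive diff that no wording in the MAC description changed.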
@@ -35,8 +35,8 @@ SELinux supports two forms of MAC:
objects are controlled by policy. This is the implementation used for
general purpose MAC within SELinux along with Role Based Access Control.
The [**Type Enforcement (TE)**](type_enforcement.md#type-enforcement) and
-[**Role Based Access Control**](rbac.md#role-based-access-control) sections covers
-these in more detail.
+[**Role Based Access Control**](rbac.md#role-based-access-control) sections
+covers these in more detail.
**Multi-Level Security** - This is an implementation based on the
Bell-La Padula (BLP) model, and used by organizations where different
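Review bot: the re-wrapped sentence still has a subject-verb disagreement, "sections" followed by "covers", which the added line "covers these in more detail." carries over unchanged. Since both lines of the sentence are already being rewritten, change it to "sections cover these in more detail." in the same patch.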
@@ -51,14 +51,14 @@ Multi-Category Security (MCS).
The MLS / MCS services are now more generally used to maintain
application separation, for example SELinux enabled:
-- virtual machines use MCS categories to allow each VM to run within
- its own domain to isolate VMs from each other (see the
- [**SELinux Virtual Machine Support**](vm_support.md#selinux-virtual-machine-support)
- section).
-- Android devices use dynamically generated MCS categories so that an
- app running on behalf of one user cannot read or write files created
- by the same app running on behalf of another user (see the
- [**Security Enhancements for Android - Computing a Context**](seandroid.md#computing-process-context-examples) section).
+- virtual machines use MCS categories to allow each VM to run within
+ its own domain to isolate VMs from each other (see the
+ [**SELinux Virtual Machine Support**](vm_support.md#selinux-virtual-machine-support)
+ section).
+- Android devices use dynamically generated MCS categories so that an
+ app running on behalf of one user cannot read or write files created
+ by the same app running on behalf of another user (see the
+ [**Security Enhancements for Android - Computing a Context**](seandroid.md#computing-process-context-examples) section).
<!-- %CUTHERE% -->
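Review bot: in the Android bullet the final added line keeps the link, its target and the trailing "section)." together on one long line, while the virtual machine bullet above puts "section)." on its own line; wrap both the same way if the aim is consistent formatting. The link text also reads "Computing a Context" while the target is "seandroid.md#computing-process-context-examples", so it is worth checking that the anchor still resolves and that the text matches the heading it points to.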
--
2.26.2
Thread overview: 17+ messages
2020-09-02 13:17 [PATCH 00/13] SELinux Notebook: Convert batch 2 to markdown Richard Haines
2020-09-02 13:17 ` [PATCH 01/13] libselinux_functions: Convert " Richard Haines
2020-09-02 13:17 ` Richard Haines [this message]
2020-09-02 13:17 ` [PATCH 03/13] modular_policy_statements: " Richard Haines
2020-09-02 13:17 ` [PATCH 04/13] network_statements: " Richard Haines
2020-09-02 13:17 ` [PATCH 05/13] network_support: " Richard Haines
2020-09-02 13:17 ` [PATCH 06/13] objects: " Richard Haines
2020-09-02 13:17 ` [PATCH 07/13] pam_login: " Richard Haines
2020-09-02 13:17 ` [PATCH 08/13] policy_config_statements: " Richard Haines
2020-09-02 13:17 ` [PATCH 09/13] policy_languages: Tidy up Richard Haines
2020-09-02 13:17 ` [PATCH 10/13] policy_store_config_files: Add TOC and tidy up formatting Richard Haines
2020-09-02 13:17 ` [PATCH 11/13] polyinstantiation: Convert to markdown Richard Haines
2020-09-02 13:17 ` [PATCH 12/13] rbac: Minor format fix Richard Haines
2020-09-02 13:17 ` [PATCH 13/13] role_statements: Convert to markdown Richard Haines
2020-09-03 14:52 ` [PATCH 00/13] SELinux Notebook: Convert batch 2 " Paul Moore
2020-09-03 16:11 ` Richard Haines
2020-09-03 21:11 ` Paul Moore