steffff
July 22nd, 2009, 05:37 AM
Hello guys!
I would like to ask you experts if you can recommend some documentation about the SELinux implementation. I have already looked through the NSA website (papers, technical reports, presentations) and some books chapters unsuccessfully, in the sense that they are, let me say, high-level. I didnt get any answer from the NSA mailing list. I also tried to have a look at the code, but it's not that easy :D
The questions I m looking for an answer to are about how a policy is managed, accessed and searched in SELinux. I understood that SELinux first searches the AVC (a short list of rules) for it, then if it's not there somewhere else... in the access vector table (a hash-table in avtab.h/c)? Finally, the policy is stored in a binary file... is it managed as a database? What is the link between the binary file and the avtab?
Thank you i advance for any help!
Stefano
I would like to ask you experts if you can recommend some documentation about the SELinux implementation. I have already looked through the NSA website (papers, technical reports, presentations) and some books chapters unsuccessfully, in the sense that they are, let me say, high-level. I didnt get any answer from the NSA mailing list. I also tried to have a look at the code, but it's not that easy :D
The questions I m looking for an answer to are about how a policy is managed, accessed and searched in SELinux. I understood that SELinux first searches the AVC (a short list of rules) for it, then if it's not there somewhere else... in the access vector table (a hash-table in avtab.h/c)? Finally, the policy is stored in a binary file... is it managed as a database? What is the link between the binary file and the avtab?
Thank you i advance for any help!
Stefano