[redhat-lspp] RBAC Roles
Stephen Smalley
sds at tycho.nsa.gov
Mon Sep 19 20:10:14 UTC 2005
On Mon, 2005-09-19 at 15:56 -0400, Steve Grubb wrote:
> Hi,
>
> I have been thinking about the interaction between SE Linux Type Enforcement
> and RBAC Roles. What is the user experience supposed to look like? Can
> someone show me an example of how a user would change roles? Label a file
> with a role? See the roles associated with a running process?
Under strict policy, it is common to have to do a newrole -r sysadm_r to
assume administrative privileges even when you are root. Dan introduced
a start at further creating a secadm_r role, although more work would be
needed to properly decompose administrative responsibilities.
Roles are just process attributes; files are always just "object_r".
The role acts as an abstraction for grouping sets of domains for
assignment to users and bounding the set of reachable domains. Whereas
traditional RBAC would speak of authorizing roles directly for
permissions to objects, we would speak of authorizing roles for domains,
and then authorizing domains for access to types. That provides
finer-grained control, including the ability to distinguish programs
(based on their domain) within a single role.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list