On 4/7/2014 5:24 AM, dE wrote:
> Hi!
> Sorry for the trivial question; but on reading various SELinux resources,
> it appears everyone talks about some 'domain' but no one defines what
> it is.
> So I wanna know what is a domain in SELinux.
> Thank you!
Hello,
Generally a domain is a scope or realm, consisting of related contexts
in which you define and operate your security components (depending on
your security model) using a combination of:
SELinux user, role, type and level (optionally, MLS sensitivity level).
Particularly, a domain is also used interchangeably with SELinux "type".
In addition, in RBAC (Role-based security model) to some extent a "role"
can serve as an intermediary between domains (types) and be part of it.
Representations:
SELinux User : SELinux Role : SELinux Type : Sensitivity Level
unconfined_u : unconfined_r : unconfined_t : s0-s0:c0.c1024
# ps -eZ
# ls -laZ
Best Regards,
--
Patrick K.
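
The following is an added example, not part of the original thread: a POSIX shell helper that splits a context in the user:role:type:level layout shown in the reply and reports the type field, which for a process listed by `ps -eZ` is its domain. The function names and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Split an SELinux context of the form user:role:type[:level].
# The level may itself contain colons (s0-s0:c0.c1024), so only the
# first three fields are split on ':'; the remainder is the level.
context_field() {   # $1 = context, $2 = user|role|type|level
    ctx=$1
    case $ctx in
        *:*:*) ;;                   # at least user:role:type
        *) return 1 ;;              # not a context
    esac
    cuser=${ctx%%:*};  rest=${ctx#*:}
    crole=${rest%%:*}; rest=${rest#*:}
    ctype=${rest%%:*}
    case $rest in
        *:*) clevel=${rest#*:} ;;
        *)   clevel= ;;             # context without a level field
    esac
    case $2 in
        user)  printf '%s\n' "$cuser" ;;
        role)  printf '%s\n' "$crole" ;;
        type)  printf '%s\n' "$ctype" ;;
        level) printf '%s\n' "$clevel" ;;
        *) return 2 ;;
    esac
}

# Count processes per domain from `ps -eZ` output on stdin.
# The first column is the context; the header line starts with LABEL.
domains_in_ps() {
    while read -r label _rest; do
        [ "$label" = LABEL ] && continue
        context_field "$label" type || continue
    done | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Constructed sample in `ps -eZ` layout (not captured from a real host).
sample_ps() {
cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1024 812 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1024 1420 pts/0 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1024 1477 pts/0 00:00:00 ps
EOF
}

sample_ps | domains_in_ps
```

On a live system, `ps -eZ | domains_in_ps` gives the same per-domain summary.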