On 04/07/2014 05:52 AM, Patrick K., ITF wrote: > > On 4/7/2014 5:24 AM, dE wrote: >> Hi! >> >> Sorry for the trival question; but on reading various SELinux resources, >> it appears everyone talks about some 'domain' but no one defines what is >> it. >> >> So I wanna what what is a domain in SELinux. >> >> >> Thank you! > > Hello, > > Generally a domain is a scope or realm, consisting of related contexts > in which you define and operate your security components (depending on > your security model) using a combination of: > > SELinux user, role, type and level (optionally, MLS sensitivity level) > > > Particularly, a domain is also used interchangeably with SELinux "type" > > In addition, in RBAC (Role-based security model) to some extent a > "role" can serve as an intermediary between domains (types) and be > part of it. > > Representations: > > SELinux User : SELinux Role : SELinux Type : Sensitivity Level > unconfined_u : unconfined_r : unconfined_t : s0-s0:c0.c1024 > > > # ps -eZ > # ls -laZ > > > > > Best Regards, > > I would describe a "Domain" as in SELinux type applied to a process as opposed to a type applied to an Object like a file, port, interface, network ...
