|
|
why we have chosen Selinux security context for process classification ?
These are the reasons to select Selinux security context for process classification :
1. They are persistant (i.e. they will remain same even after reboots)
2. They are flexible (i.e. Security context will differ depending on who is executing,
which program is being executed, and in what context it has been executed )
3. They are configurable(i.e. you can change selinux policies to set selinux contexts as per your needs.
There are many user-friendly tools which helps in giving security context i.e. "seedit" )
4. We are keeping process classification rules seperate from selinux internal policies
This keeps classification management in the systems like resource mgmt and ELSA very simple.
You need to configure just one simple configuration file of the system.
5. We provide added flexibility by supporting wild-characters in security context
(Examples for that we have given in configuration files for more details )
|