* What do you mean by a 'domain'.
From: dE @ 2014-04-07 9:24 UTC
To: selinux

Hi!

Sorry for the trivial question; but on reading various SELinux resources, it appears everyone talks about some 'domain' but no one defines what it is.

So I wanna know what is a domain in SELinux.

Thank you!

* Re: What do you mean by a 'domain'.
From: Patrick K., ITF @ 2014-04-07 9:52 UTC
To: selinux

On 4/7/2014 5:24 AM, dE wrote:
> Hi!
>
> Sorry for the trivial question; but on reading various SELinux resources,
> it appears everyone talks about some 'domain' but no one defines what
> it is.
>
> So I wanna know what is a domain in SELinux.
>
> Thank you!

Hello,

Generally a domain is a scope or realm, consisting of related contexts in which you define and operate your security components (depending on your security model) using a combination of:

SELinux user, role, type and level (optionally, MLS sensitivity level)

Particularly, a domain is also used interchangeably with SELinux "type".

In addition, in RBAC (Role-based security model) to some extent a "role" can serve as an intermediary between domains (types) and be part of it.

Representations:

SELinux User : SELinux Role : SELinux Type : Sensitivity Level
unconfined_u : unconfined_r : unconfined_t : s0-s0:c0.c1024

# ps -eZ
# ls -laZ

Best Regards,

--
Patrick K.

* Re: What do you mean by a 'domain'.
From: Daniel J Walsh @ 2014-04-07 11:45 UTC
To: Patrick K., ITF, selinux

On 04/07/2014 05:52 AM, Patrick K., ITF wrote:
>
> On 4/7/2014 5:24 AM, dE wrote:
>> Hi!
>>
>> Sorry for the trivial question; but on reading various SELinux resources,
>> it appears everyone talks about some 'domain' but no one defines what
>> it is.
>>
>> So I wanna know what is a domain in SELinux.
>>
>> Thank you!
>
> Hello,
>
> Generally a domain is a scope or realm, consisting of related contexts
> in which you define and operate your security components (depending on
> your security model) using a combination of:
>
> SELinux user, role, type and level (optionally, MLS sensitivity level)
>
> Particularly, a domain is also used interchangeably with SELinux "type"
>
> In addition, in RBAC (Role-based security model) to some extent a
> "role" can serve as an intermediary between domains (types) and be
> part of it.
>
> Representations:
>
> SELinux User : SELinux Role : SELinux Type : Sensitivity Level
> unconfined_u : unconfined_r : unconfined_t : s0-s0:c0.c1024
>
> # ps -eZ
> # ls -laZ
>
> Best Regards,
>

I would describe a "Domain" as an SELinux type applied to a process, as opposed to a type applied to an Object like a file, port, interface, network ...

* Re: What do you mean by a 'domain'.
From: Stephen Smalley @ 2014-04-07 11:54 UTC
To: dE, selinux

On 04/07/2014 05:24 AM, dE wrote:
> Hi!
>
> Sorry for the trivial question; but on reading various SELinux resources,
> it appears everyone talks about some 'domain' but no one defines what
> it is.
>
> So I wanna know what is a domain in SELinux.

See:
http://www.nsa.gov/research/_files/selinux/papers/policy2/x86.shtml

* Re: What do you mean by a 'domain'.
From: dE @ 2014-04-08 5:51 UTC
To: selinux

On 04/07/14 17:24, Stephen Smalley wrote:
> On 04/07/2014 05:24 AM, dE wrote:
>> Hi!
>>
>> Sorry for the trivial question; but on reading various SELinux resources,
>> it appears everyone talks about some 'domain' but no one defines what
>> it is.
>>
>> So I wanna know what is a domain in SELinux.
> See:
> http://www.nsa.gov/research/_files/selinux/papers/policy2/x86.shtml
>

So domain is a SELinux identifier of a process and it's not necessary for each process to have a unique SELinux domain.

I didn't know NSA hosted docs also. Thanks! I'll refer to them instead.

* Re: What do you mean by a 'domain'.
From: Patrick K., ITF @ 2014-04-08 6:43 UTC
To: selinux

--
Patrick K. Kashi, PhD
CTO

On 4/7/2014 7:54 AM, Stephen Smalley wrote:
> On 04/07/2014 05:24 AM, dE wrote:
>> Hi!
>>
>> Sorry for the trivial question; but on reading various SELinux resources,
>> it appears everyone talks about some 'domain' but no one defines what
>> it is.
>>
>> So I wanna know what is a domain in SELinux.
>
> See:
> http://www.nsa.gov/research/_files/selinux/papers/policy2/x86.shtml
>

The definition of the term "domain" in "Type Enforcement model" is security context and attributes assigned to a process BUT not necessarily in SELinux: SELinux internally won't care about domain, it uses type for that matter.

Would you mind to correct me, if I'm wrong? The above document asserts:

QUOTE:
" ... Although the example TE configuration often uses the term domain when referring to the type of a process, the SELinux TE model does not internally distinguish domains from types."
UNQUOTE

Best regards,

Patrick K.

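
Added example, not part of the thread and not written by any of the posters: the same parser reads the user:role:type:level context from `ps -eZ` and `ls -Z` output, so the "domain" is simply the type field when the label belongs to a process, and several processes can share one domain. The sample output, PIDs and paths are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str  # empty string when the label carries no MLS/MCS level

def parse_context(label):
    # Split on the first three colons only: the level field may itself
    # contain colons, as in "s0-s0:c0.c1024".
    parts = label.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {label!r}")
    level = parts[3] if len(parts) == 4 else ""
    return Context(parts[0], parts[1], parts[2], level)

# Constructed sample of `ps -eZ` output (not captured from a real host).
PS_EZ = """\
LABEL                                                  PID TTY   TIME     CMD
system_u:system_r:init_t:s0                              1 ?     00:00:01 systemd
system_u:system_r:httpd_t:s0                           812 ?     00:00:00 httpd
system_u:system_r:httpd_t:s0                           813 ?     00:00:00 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1024 2001 pts/0 00:00:00 bash
"""

# Constructed sample of `ls -Z` output (context, then path).
LS_Z = """\
system_u:object_r:httpd_exec_t:s0 /usr/sbin/httpd
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
"""

def domains(ps_output):
    """Map each domain (the type of a process context) to its PIDs."""
    by_domain = defaultdict(list)
    for line in ps_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        by_domain[parse_context(fields[0]).type].append(int(fields[1]))
    return dict(by_domain)

def object_types(ls_output):
    """Map each path to the type in its file context."""
    result = {}
    for line in ls_output.splitlines():
        label, path = line.split(None, 1)
        result[path] = parse_context(label).type
    return result

if __name__ == "__main__":
    print(domains(PS_EZ))
    print(object_types(LS_Z))
```
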