On Mon, 2005-08-08 at 08:30 -0400, Frank Mayer wrote:
Göran Uddeborg wrote:
> Is there some kind of documentation list over the available classes
> and operations (permissions)?
There's a paper on NSA's site that should help. Also we've been trying to
keep exactly what you asked for at
http://www.tresys.com/selinux/obj_perms_help.html. We intend to keep it up
to date (it currently has a date of April), but there might be some minor
changes not reflected.
The original set of classes and permissions were described in the report
available from
http://www.nsa.gov/selinux/papers/slinux-abs.cfm
That report described the classes and permissions and what permission
checks were applied for each syscall (the control requirements) for the
original SELinux kernel patch.
A subsequent report on the LSM-based SELinux available from
http://www.nsa.gov/selinux/papers/module-abs.cfm
describes changes from the original SELinux kernel patch and what
permission checks are applied for each LSM hook function. We have been
periodically updating that report, and its sources are included in the
selinux-doc tarball.
--
Stephen Smalley
National Security Agency